Tag Archives: DHS

The joke is on us (all)

Reuters gave light (again) to an article that I wrote earlier, 2 days ago (at https://lawlordtobe.com/2021/03/30/an-almost-funny-thing/) I wrote ‘An almost funny thing’, I got it from the BBC and I feel certain that some official people were already already on the ball, being a mere 2 years late. I reckon that some figured out that the growing cash flow these people ended up with will count against certain players, if not a lot more. Some people might have gotten additional considerations with “In the OSI model, we see layers 3-7 (layer 8 is the user). So as some have seen the issues from Cisco, Microsoft and optionally Zoom, we see a link of issues from layer 3 through to layer 7 ALL setting a dangerous stage. Individually there is no real blame and their lawyers will happily confirm that, but when we see security flaw upon security flaw, there is a larger stage of danger and we need to take notice” and that is the tip of the iceberg. So when Reuters gives us ‘Ransomware tops U.S. cyber priorities, Homeland secretary says’ this morning, we might not get the entire field in view and that is not on Reuters. And as Alejandro Mayorkas gives us “ransomware was “a particularly egregious type of malicious cyber activity” and listed it as the first of several top priorities that his department would tackle in the online sphere” we are not getting the entire story and we are happily giving the Department of Homeland Security that as they have other consideration as well. Yet I personally believe (speculatively) that some programmers working in specific places got handed libraries to make more, but also got a setting where they created software that opened a backdoor, so that all parties have an excuse and any investigation will end up going nowhere. You see there are plenty of real option givers that start as ‘Top 9 Python Frameworks For Game Development’, and that is where it starts. Consider the following scenario: as some developers become better they seemingly need shortcuts and would you believe it, some knows someone on the darkweb and they will hand the developer an option, two actually, one is free, the other one is $19.99, but is ‘presented’ as a lot more secure and it has documentation, that is all that they need and as the library is linked, the trap is set. The game maker does the right thing and enhances his program with either version (both have the flaw), and now, with a passive backdoor is passive (gaming is required), it passes through a whole range of systems and as the game is offered free with ‘in-app purchases’ the people behind the screens suddenly have 100K+ stations for all kinds of use. So whilst some are trivialising “No one really knows the size of the dark web, but most estimates put it at around 5% of the total internet. Again, not all the dark web is used for illicit purposes despite its ominous-sounding name”, we see, ohh not all is illicit, but consider that this software would be in the open internet if it was all on the up and up. The indie developer (many companies of one) has that ‘special feeling’ as he was introduced and others were not, but they all were and some were offered similar links in the end all linking to the same package, and that is the game, so when we we see greed driven idiots like Epic games (and a few others) setting the stage to avoid the Google and Apple store, we will see a much larger shift, one that gives free reign to criminal minded people to infect a massive amount of systems. So when you think that players like DHS is ready for these assaults, the people will soon learn the hard way that they were not and from there it will go from bad to worse.

And this is not about Epic games, even as some will herald “Cesium will be available for free for all creators on the Unreal Engine Marketplace. It’s an open-source plugin for the engine that unlocks global 3D data and geospatial technology. This means that games that use it will be able to discover in real time the location of a player in a given 3D space, using accurate real-world 3D content captured from cameras, sensors, drones, and smart machines” (source: venture beat), we think it is all for the good of us, and it is not, it is good for the pockets of Epic Games, but what happens when other elements get a hold of the saved data linked to geospatial technology? What happens, when foundational advantages that were (for the most) in the hands of players like CIA and GCHQ; what happens when cyber criminals get THAT level of precise data and THOSE cluster data groups? Did you think of that? So whilst some laugh away “games that use it will be able to discover in real time the location of a player in a given 3D space, using accurate real-world 3D content captured from cameras, sensors, drones, and smart machines”, the data will go a lot further, it will optionally end up not merely showing those systems, but the locations of all systems they link to as well. It is a hidden version of what I called the ‘Hop+1’ intrusion malware (thought up by yours truly) that made much of the CIA counter software close to useless, someone took that idea and made a corporate version with some version of a backdoor, in that stage the internet will end up being as dangerous as walking the dog (not the ‘M’ word), in a minefield. Letting the dog have a shit will be the last thing you did that day for a very long time to come.

As such, some might applaud the DHS (they actually did nothing wrong) as we see “a DHS official said the reference was to underground forums that help cybercriminals franchise out their malicious campaigns.” Yet under these situations, finding blame is close to impossible and the mistrusting developers end up helping cyber criminals in the process, and that is if there is ever any prosecutable connection found. 4 stages not directly linked will make prosecution close to impossible. So how is that for size? And whilst we take notice of “He said the agency would “quarterback” the U.S. government’s digital defences and serve as a “trusted interlocutor” between business executives and public servants” we see that their heart is in the right place, but the people they are hunting are heartless, devious, better funded and technologically more up to speed. It is a race many politically governmental intelligence organisations cannot win, not now, and optionally not ever. What a fine mess some corporations got us into.

Leave a comment

Filed under Gaming, IT, Law, Military, Politics, Science

Not for minors

OK, this is not the most subtle article I have ever written, but at times subtle just doesn’t do the story any justice, it happens. So this is a question to parents “If you have a daughter between 22-32, and she looks like Laura Vandervoort, Olivia Wilde, or Alexina Graham. Can I please fuck the bejesus out of her vagina?” To be honest, I don’t really need to, but it has been a while, so there. 

Are we all awake now? So consider ‘Facebook and Apple are in a fight. Your browsing history is in the middle’ (at https://www.nbcnews.com/tech/tech-news/facebook-apple-are-fight-your-browsing-history-middle-n1251612), apart from all the hackers getting access through Microsoft, we see another stage develop. The headline might not get you on board, so perhaps the by-line will “Facebook on Thursday ran its second full-page newspaper advertisement in as many days, attacking Apple’s plans to tell iPhone and iPad users when apps are tracking them online”, which implies that Facebook does NOT want you to know that apps are tracking your every move, and Apple does. It seems to me that Apple is in a stage to put awareness and security at the centre of your digital life, Facebook not so much. Now, I have no problems with Facebook keeping track of my actions ON FACEBOOK, but dos their ‘free’ service imply that they are allowed to do that anywhere I am? I believe that this is not the case and the money Facebook is getting is starting to feel tight around my digital profile, their actions had already made it important to delete Facebook software from my mobile phone (it was draining my battery), but the stage is larger and that is seen in the NBC News article (and a few others too).

So as the quote “Facebook on Thursday ran its second full-page newspaper advertisement in as many days, attacking Apple’s plans to tell iPhone and iPad users when apps are tracking them online” is given, how many of you are considering the following:

  1. A full page ad in the newspapers is pretty expensive.
  2. Facebook is seemingly untouched that multiple apps are following us.
  3. We are seemingly not allowed to know all the facts!

This is the big one “attacking Apple’s plans to tell iPhone and iPad users when apps are tracking them online”, so why are we not allowed to know what is being done to us, that we are being followed in a digital way and Facebook does not want us to be aware? This is where we see my (not so) subtle hint regarding your daughter and “fuck the bejesus out of her vagina”, how many fathers will be slightly less than enthusiastic? I get it, your little princess (your consenting and adult) little princess needs a knight on a white horse and always bring flowers and chocolates, have honourable intentions and to set your mind at ease keeps your daughter a virgin until the day she marries. It is not realistic, but parents are allowed to be overly protective of their princes and princesses. Yet Facebook seemingly does not want you to be in that park, they want you to be unaware of what is going on, and Apple drive it to the surface. So when we see “Apple is planning to roll out a new feature on its devices that will alert people when an app such as Facebook is trying to “track your activity across other companies’ apps and websites.” People will have options such as “Ask App not to Track” or “Allow.””, they did something really clever, if Microsoft (after they resolve all their hacks) does not follow suit, Microsoft stands to lose a massive slice of the consumer pie and that will not make them happy. I for the most am completely on the Apple side when we see “Users should know when their data is being collected and shared across other apps and websites — and they should have the choice to allow that or not”, I personally am realistic enough to see that Apple has an additional side to this, not sure what yet, but this is about a lot more than mere advertisements, I am however not too sure about what that is. When we see “Facebook uses data such as browsing history to show people ads they’re more likely to want to see, and to prove to marketers that its ads are working”, we need to realise that I would have no issues with any link opened within Facebook towards whatever we were going to in any advertisement. For example, if Facebook opens up a browser window, within Facebook and tracks the clicker, I would not completely be opposed to it, but Facebook realises that the data it I tracking is a much larger stage and I feel that this is not merely about “prove to marketers that its ads are working”, I believe that these trackers keep tabs on a lot more, keep tabs on what we do, where we do it and how we do it. I believe that it is a first step in the overly effective phishing attacks we face, Facebook might not be part to that, but I reckon the phishing industry got access to data that is not normally collected and I personally believe that Facebook is part of that problem, I also believe that this will turn from bad to worse with all the ‘via browser gaming apps’ we are currently being offered. I believe that these dedicated non console gaming ‘solutions’ will make things worse, it might be about money for players like Epic (Fortnite), but the data collected in this will cater to a much larger and optionally fairly darker player in this, I just haven’t found any direct evidence proving this, in my defence, I had no way of seeing the weakness that SolarWinds introduced. It does not surprise me, because there is always someone smarter and any firm that has a revenue and a cost issue will find a cheaper way, opening the door for all the nefarious characters surfing the life of IoT, there was never any doubt in this.

And in this, it was for them NEVER directly about the money, in this look at the ‘victims’:
The US Treasury Department, The US Department of Commerce’s National Telecommunications and Information Administration (NTIA), The Department of Health’s National Institutes of Health (NIH), The Cybersecurity and Infrastructure Agency (CISA), The Department of Homeland Security (DHS), The US Department of State, The National Nuclear Security Administration (NNSA) (also disclosed today), The US Department of Energy (DOE) (also disclosed today), Three US states (also disclosed today), City of Austin (also disclosed today) (source: ZDNET). It was about the information, the stage of a more complete fingerprint of people and administrations. It gives the worry, but it also gives the stage where we can see that Apple has a point and we need to protect ourselves, because players like Microsoft will not (no matter what they claim). In this I name Microsoft, but they are not alone, anyone skating around margins of cost are potential data leaks and that list is a hell of a lot larger than any of us (including me) thinks it is.

So whilst we look and admire the models, actors and actresses and we imagine whatever we imagine, consider that they are not a realistic path, a desirable one, but not a realistic one and that is the opening that organised crime needs to claimingly give you ‘access’ to what you desire whilst taking your data. It is the oldest game in the book, all wars Arte based on deception and you need to wake up, the moment your data is captures and categorised you are no longer considered an interesting party, you are sold and they move onto the next target. So whilst you get trivialised, consider that Apple has a plan, but whatever they plan, it seems you are better off on that side, than the one Facebook is planning. When was the last time that you were better off staying in the dark on what happens to your data, on what happens when others keep tabs on you?

And in this consider “Facebook is making a last-ditch effort to persuade Apple to back off or compromise with industry standard-setters.With offline ads in newspapers such as The Washington Post and The Wall Street Journal, the social networking company is trying to rally to its side the millions of small businesses who buy ads on Facebook and Instagram”, so in that quote where do we see any consideration on the people or us as the consumers? When we see “millions of small businesses who buy ads on Facebook and Instagram” where is the consideration that they should have for the customers who walk into their business? When you get in any shop what do you hear? How can I be of service? Or do you hear: What do you want? I let you consider that whilst you consider the position Facebook needs to have and consider that non digital advertisement never kept track of what other newspapers you were reading. 

We seemingly forgot that there is a price for the presence of IoT, Apple is making us aware of that. I am not silly enough that Apple is holier than though, but at least they created the awareness and the greed driven players are not looking too good today, are they?

Leave a comment

Filed under IT, Law, Media, Science

Stage light or lime light?

This morning I had to mull things over. I saw ‘Suspected Russian hackers spied on U.S. Treasury emails – sources’ (at https://uk.reuters.com/article/us-usa-cyber-treasury-exclsuive/suspected-russian-hackers-spied-on-u-s-treasury-emails-sources-idUKKBN28N0PG), I saw the news early this morning, but the stage was not clear. You would think that when you see a title like this, the stage is pretty clear, is it not? But in all this, two sentences were out, or perhaps they were off was more apt in this line of consideration. 

The first sentence that waved like a hammer and sickle flag was “according to people familiar with the matter”, this was not some official brief by the FBI or the DHS, it was some anonymous setting and as that nations current president is mad as a hatter (or in possession of less common sense then the Court Jester entertaining Reniero Zeno) gives rise to worry. Now, let be clear, I am not stating that this isn’t happening. Consider “but three of the people familiar with the investigation said Russia is currently believed to be responsible for the attack. Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts”, so now it is not from one source, but one journo has access to ALL THREE? Then there is (the secnd one) “cyber spies are believed to have gotten in by surreptitiously tampering with updates released by IT company SolarWinds”, which also affects the military, and in this, we grb back to the earlier statement “they asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate”, really? Military integrity is in play and you think that none of the Defence intelligence groups, or cyber command is invited? Then we get the end which gives us “The hackers are “highly sophisticated” and have been able to trick the Microsoft platform’s authentication controls, according to a person familiar with the incident, who spoke on condition of anonymity because they were not allowed to speak to the press”, that and the consideration (not fact) that “Hackers broke into the NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for months”, consider that and set the light towards a transgression on the Microsoft Azure cloud that makes their cloud useless, or turns it into a public domain Bulletin board, something EVERY industrial wants to hear. You think that this was not out in force and Microsoft was on every channel on the PLANET explaining to the people that there was no cause for alarm? All this and some Christopher Bing has three sources? Anyone else concerned with the quality of news? And the last line giving us ‘because they were not allowed to speak to the press’ did it for me. 

Is this a ploy to avoid the limelight, or make sure that the stage lights are pointing somewhere else? Now, I reckon that the Russian government is forever trying to get its fingers on all kinds of hush hush details, the CIA does pretty much the same thing, yet in this we see “highly-sophisticated, targeted and manual supply chain attack by a nation state”, what evidence is there? This is important, because it could well be organised crime or a super rich singular player who wants the low-down on deals that syphon his or her money more efficiently and that has been done before as well. In this the entire approach is one of chaos, even if the chaos seems organised. The fact that it was allegedly possible to “Staff emails at the agency were monitored by the hackers for months” with the mention of Microsoft 365 and the news was limited to one person at Reuters? That and the fact that it as seemingly ‘months’ is a larger cause for concern, the fact that this was going on for well over a week and not every Christmas light would shine brightly red at 2624 NE University Village St, Seattle, WA 98105, United States is a first, the fact that not every siren is blasting on EVERY Microsoft 365 and Azure data centre is a second. But no, we get “there was a breach at one of its agencies and that they asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate”, yes because dimensionality in alarms and corporate dangers are passed on forever to the FBI in such a blasé way.

So I have several issues on the matter and in all this I can in all honesty not determine whether the light shining is a limelight to give visibility to someone else, or a stage light to make the people look to the left all whilst the people on the right are running off the stage, hoping no one will notice. It can be either or both, but the picture they are painting for us does not make sense and lust like that Italian dude (read: doge), the 45th no less, had his own battles to fight (mostly with Genoa), it was set in one quarter, but had underlying conditions (like Michael VIII Palaiologos) and in this certain nobility members profited greatly, I wonder why that never got properly investigated. And as such I do not oppose the pointing fingers at the Kremlin, but doing so before we see “the Cybersecurity and Infrastructure Security Agency and the FBI to investigate” deliver a finished report is a little fast, so fast even McDonalds cannot compete. All whilst cybercrime has a much larger reach to a great deal many more people and still Microsoft remains silent. 

There is a bright light over yonder, yet what it is used for, I cannot tell.

Leave a comment

Filed under IT, Media, Military, Politics, Science

The hack game continues

The press continues to assault Mohammad Bin Salman and Saudi Arabia, the same press that has ignored hostile acts by Iran, the same press who have knowingly and from my point of view ignored (read: and downplayed) several issues in Yemen caused by Hezbollah. 

So as I got to see (at https://www.theguardian.com/technology/video/2020/jan/22/jeff-bezos-phone-hacked-allegation-saudi-crown-prince-video-explainer) the video that was placed two weeks ago, in light of what I wrote yesterday. I thought that the video gives light to several questions that link to this. It is also important, because it shows a global FAILING of cyber security, not by the hairless man (Jeff Bezos) by the way, who in this is basically a consumer (one with deep pockets that is).

The video starts off with Stephanie Kirchgaessner, where she says (at 00:14) ‘who is somehow personally involved‘ (1). Then we get (at 00:32) ‘according to his own security team victim of some sort of hack by Saudi Arabia‘ (2) we get more accusations, but with the word ‘allegation’, as such she is in the clear. After that we get a clip from CBS This morning (at 1:08) with a followup and direct accusation towards the WhatsApp account ‘from the account of the Crown Prince of Saudi Arabia‘ (3), even as I am tempted to ignore ‘We can’t know what was going on in the mind of Mohammad Bin Salman‘ (at 1:55) (4)

After that there is a reference to ‘the experts that she spoke to‘ (at 2:12) and they point to the fact that he is the owner of the Washington Post, not the owner of Amazon or merely a rich dude. ‘It was an attack on the Press‘ is what seemingly comes out of this. 

We get a few more events, but nothing that is too interesting, not in this view.

Personally I actually do not care about Bezos and his needs, I do not give a hoot about a few items, and my personal view is that any person is innocent until PROVEN guilty and the attacks on Saudi Arabia as well as the Crown Prince are offensive to me as we should know and act better.

So as we get to the stage of the why, we need to see the stage we are entering. This is not (merely) a Criminal situation, this is a cyber ploy and that is where the focus is, I have written more than enough about the joke that is the FTI Consulting report, but in the end it is linked to all this. 

  1. Who is somehow personally involved

How? I am not referring to item 3, there is a larger stage here. The alleged infecting file was received on May 1st 2018. In this I am using alleged as the investigation did not start until February 2019. However, the FTI Consulting report on page 12, item 22 gives us that hours after the reception of a file resulting in egress data in excess of 29,000%. I do not question that, I do not question that Bezos got hacked. 

Why am I opposing here?

As I stated in ‘6 simple questions‘ (at https://lawlordtobe.com/2020/02/03/6-simple-questions/) yesterday. Other experts give us “Check Point Research, however, recently unveiled new vulnerabilities in the popular messaging application that could allow threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers immense power to create and spread misinformation from what appear to be trusted sources.” This is important when we consider ‘allow threat actors to intercept‘ as well as ‘spread misinformation from what appear to be trusted sources‘ as such Check Point research gives us that false information could be sent to a person from anyone claiming to be anyone else. The source of the infection cannot be verified in this. that is an important fact, one that was out in the open and FTI Consulting never went there.

  1. According to his own security team victim of some sort of hack by Saudi Arabia

So his security team are cyber experts? And they know somehow that Saudi Arabia did the attack? Based on what evidence? I showed in the previous point that this is optionally not the case and the FTI Consulting report is nothing short of a joke (as I personally see it), there is no path to where the data is going, there is no evidence on where the infection came from. 

  1. from the account of the Crown Prince of Saudi Arabia

Here is the larger issue and even as I debunked it in point one, we must not ignore this, there is one path that is not investigated and not one that can no longer be investigated. The mobile of the Crown Prince might be infected itself. My point one avoids it, but we cannot ignore it. The chances of Saudi Arabia or its officials in light of the attacks cooperating is close to zero and as such this point will remain on the books. From my point of view gathering intel and evidence before shouting foul would have been a much better approach and why the UN gets involved in this is still open to debate on a few sides. 

  1. We can’t know what was going on in the mind of Mohammad Bin Salman

In this we can speculate and debate until we are blue in the face, but the truth is that all this started 2 years ago and the evidence is largely missing, more important, whomever was involved has removed whatever sides they needed to and as such the actual guilty party will never be found. Yet the foundation of the accusation is larger.

He was being attacked by the press and we seemingly forget that the infection started BEFORE someone seemingly ended the life of some columnist named Jamal Khashoggi, as such we can argue that there was no attack on the Washington Post. To be more honest, at the time of the infection Jamal Khashoggi was some columnist most people on the planet had never heard of (apart from the Washington Post readers) 

Yet when we look at the Vice article (at https://www.vice.com/en_us/article/v74v34/saudi-arabia-hacked-jeff-bezos-phone-technical-report), there we see that former FBI investigator Anthony J Farrante gets into the fight and the report gives us ““to assess Bezos’ phone was compromised via tools procured by Saud al Qahtani,” the report states“, it is an interesting plot, especially when we consider another Vice article (at https://www.vice.com/en_us/article/8xvzyp/hacking-team-investor-saudi-arabia) where we saw “Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see“, so lets put this in the right frame, Anthony J Farrante is going out to prove that a tool procured by Saud al Qahtani, and as far as we can speculate is in the possession of thousands of hackers through ‘spyware source code leaked online for anyone to see‘ is the guilty perpetrator. How is that ever going to work? 

Well that is optionally still the case if we can examine the source of the problem, and that is basically already debunked by Alex Stamos, the former chief information security officer at Facebook who gave us “Lots of odd circumstantial evidence, for sure, but no smoking gun“, in this I also got to “several high-profile and respected researchers, highlights the limits of a report produced by FTI Consulting, the company Bezos hired to investigate the matter“, as well as “A key shortcoming of the analysis, Edwards said, was that it relied on a restricted set of content obtained from Bezos’s iTunes backup. A deeper analysis, she said, would have collected detailed records from the iPhone’s underlying operating and file systems. Other security experts characterized the evidence in the report as inconclusive“, and “a research group at the University of Toronto, offered a suggestion that could allow investigators to gain access to encrypted information that FTI said it could not unlock” (source: CNN), we see a whole range of experts giving out claims towards non-conclusivity, lack of expertise and optionally students in Toronto giving out solutions to a situation that FTI said it could not unlock. 

These are all matters that played out over time, some before the video report and it seems to me that the press is bashing with smoke signals as loud as possible hoping someone will scream ‘fire!‘. That is my view on the matter!

Now, all what I see and expose does not make any party innocent, it merely shows that there is no evidence to call anyone guilty on and that is what matters, because we want to turn this into an event where a person needs to prove that they are innocent, we must prove that anyone is guilty. In some cases beyond all reasonable doubt and in some cases on the setting of probability of guilt set against the average man. The entire cyber event fails on both terms and that is not merely me, and when we see ‘Other security experts characterized the evidence in the report as inconclusive‘ we need to realise that (apart from) FTI Consulting did a piss poor job in this case, the finding of actual and factual evidence is a lot harder in this day and age. The WhatsApp vulnerability showed that there is a larger problem and when we cannot determine the origin of any hack or virus, we are in for a much larger problem and this is happening before 5G is fully rolled out. That nightmare was brought nicely by Kenneth White, former advisor to DHS with “it can be extremely challenging to reconstruct the activities of a determined, well-resourced hacker“, this is what the Jeff Bezos team faced and from my view, they went about it the wrong way. Their report was never ready for release and the fact that basic parts were missed gives out a much larger problem, if billionaires rely on someone like FTI Consulting and this report is the standard, then the entire cyber setting in the United States could be regarded as a larger problem from beginning to end.

In this there is one highlight that Vice gave us that matters here, it is “The second obstacle regarded the password for the iTunes backup“, and “They apparently never obtained the password” that makes no sense, because the owner should have his backup, so unless Jeff was hit by the ID10T virus, we see a failing on more than one level and as such at what stage, in light of EVERYTHING out there in 2018 why was Crown Prince Mohammed bin Salman ever accused?

That is what angers me, not who was accused, but that an accusation came whilst there was a whole truckload of information out there making it a bad choice from beginning to end, so was the Washington Post owner hacked, or was the hack a way for the Washington Post to strike out to someone? That is the larger game that is now in the court of perception, a massive failing of properly assessing pieces of evidence by the media (and the UN). 

 

Leave a comment

Filed under IT, Media, Politics

6 simple questions

I have written about it before, yet the article last friday forces me to take more than another look, it forces me to ask questions out loud, questions that should have been investigated as this case has been running for two years, lets not forget the hairy Amazon owner had his smartphone allegedly hacked in 2018.

My article ‘The incompetent view‘ (at https://lawlordtobe.com/2020/01/28/the-incompetent-view/) was written on January 28th. I kept it alone for the longest of times, yet the accusations against Saudi Arabia, especially as that French Calamari UN-Essay writer is again involved forced my hand and the article last friday gives me the option to lash out and ask certain questions that the investigation optionally cannot answer, as such two years by these so called experts should be seen as 2 years by whatever they are, but I have doubt that expertise was part of the equation.

as such we begin with the Guardian (at https://www.theguardian.com/technology/2020/jan/31/jeff-bezos-met-fbi-investigators-in-2019-over-alleged-saudi-hack), here we see the following

NSO said: “we have not been contacted by any US law enforcement agencies at all about any such matters and have no knowledge or awareness of any investigative actions. Therefore, we cannot comment further.”“, which is a response towards the FBI who had been investigating NSO since 2017, which is based on the setting of “officials were seeking information about whether the company had received any of the code it needed to infect smartphones from US hackers

Yet it is the quote “Two independent investigators at the United Nations, Agnes Callamard and David Kaye, revealed last week that they have launched their own inquiry into allegations that Bezos’s phone was hacked on 1 May 2018 after he apparently received a video file from a WhatsApp account belonging to Mohammed bin Salman, the Saudi crown prince“, in this, can anyone explain to me why the UN is involved? I do not care how wealthy Jeff Bezos is and this has nothing to do with the Washington Post, either way this would be an initial criminal investigation, optionally running through the FBI.

  1. Why is the UN involved?

In defence we must observe “WhatsApp has said it believed NSO has violated criminal laws, including the Computer Fraud and Abuse Act, a federal law that is used to prosecute hackers. WhatsApp has claimed 1,400 users were hacked using NSO technology over a two-week period in April-May last year, after NSO was allegedly able to exploit a WhatsApp vulnerability that was later fixed

And again, we see that NSO technology is involved, yet FTI Consulting makes no mention of that part of the equation, more important whether the same atack was used, and in light of all this, we might see ‘NSO was allegedly able to exploit a WhatsApp vulnerability that was later fixed‘, yet when exactly was it fixed? That too is part of the equation.

When we look at the FTI report, other issues become surface materials. Like the quote “The phone maintained an unusually high average of 101MB of egress data per day for months thereafter, including many massive and highly atypical spikes of egress data. Forensic artifacts demonstrated that this unauthorized data was transmitted from Bezos’ phone via the cellular network.” What data was sent exactly? The report gives us: “they provide the ability to exfiltrate vast amounts of data including photos, videos, messages, and other private or sensitive files. It should be noted that spikes resembling these might occur legitimately if a user enabled iCloud backup over cellular data service. Bezos. however. had iCloud backups disabled on his device. Other legitimate causes of spikes in egress data could be if a user willingly uploaded or transmitted large amounts of data via a chat or messaging app. email client, or cloud storage service, but none of these activities were corroborated by GDBA or Bezos.

As such, as FTI Consulting gives us “Advanced mobile spyware. such as NSO Group’s Pegasus35 or Hacking Team’s Galileo,36 can hook into legitimate applications and processes on a compromised device as a way to bypass detection and obfuscate activity in order to ultimately intercept and exfiltrate data. The success of techniques such as these is a very likely explanation for the various spikes in traffic originating from Bezos’ device.” Yet is that what happened? lets not forget that the FTI Consulting report on page 16 states “The following investigative steps are currently pending.

  1. Intercept and analyze live cellular data from Bezos’ iPhone X“, as well as “2. Jailbreak Bezos’ iPhone and perform a forensic examination of the root file system.” steps that are seemingly incomplete and optionally not done at all, as such how did anyone in Saudi Arabia get fingered as the guilty party? It could be the German Cracking Service for all we know stating to Jeff Bezos ‘Copy me, I want to travel‘.
  2. Where is the evidence on the hack and the destination of the hacked data?

There are two parts in this, as I explained earlier, Vice.com gave an earlier consideration with ““Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see”” yet the stage that we see here, is merely a footnote in the FTI Consulting report and is given no weight at all.

This leads to the question 

  1. How was the phone of Jeff Bezos infected and where is that evidence?

This could lead to 3a. Who actually infected the iPhone of Jeff Bezos?

Which leads to the last part of last friday’s article and perhaps the biggest smear of all time “New revelations about the alleged hacking of Bezos’s phone have caught the attention of a handful of politicians in Washington who have sought more information about the alleged hack, including whether there was any evidence that Saudi Arabia had infected phones of any members of the Trump administration.” and because of this (as well as more) we get to:

  1. What exactly are the new revelations, as the FTI Consulting report is incomplete.
  2. Where is the evidence that Saudi Arabia infected ANY phones?

You see, someone infecting another person by claiming that they are someone they are not is at the core of this, as such any person in the room could have infected Jeff Bezos’s phone and optionally other phones too. Claiming to be MBS and being MBS are two separate parts. 

In this it was CNN who gave us “The report’s limited results are a reminder that it can be extremely challenging to reconstruct the activities of a determined, well-resourced hacker” and if hat is the setting, we again get to the stage where we cannot tell who infected the system of Jeff Bezos in the first place. As such Kenneth White (formerly with DHS) as well as  Chris Vickery (Director UpGuard) who gives us “other evidence provided by FTI increased his confidence that Bezos was being digitally surveilled“, we do not question that, we merely question the lack of evidence that points to Saudi Arabia as a perpetrator, basically the guilty party is not seen, because no evidence leading there is given, the fact that essential tests have not been done is further evidence still of the absence of any guilty party.

As that stands I merely end with the question:

  1. Why on earth is the UN involved in an alleged Criminal investigation where so much information is missing?

When we realise the small line in the Guardian “An analysis of the alleged hack that was commissioned by the Amazon founder has not concluded what kind of spyware was used” we are given a much larger consideration, if the spyware used is unknown, how can the data spy be seen? This gets an even larger mark towards the question when we consider “Check Point Research, however, recently unveiled new vulnerabilities in the popular messaging application that could allow threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers immense power to create and spread misinformation from what appear to be trusted sources.” (at https://research.checkpoint.com/2018/fakesapp-a-vulnerability-in-whatsapp/), and another source (at https://www.bleepingcomputer.com/news/security/whatsapp-vulnerability-allows-attackers-to-alter-messages-in-chats/) gives almost the same information and also has the text “Using these techniques, attackers can manipulate conversations and group messages in order to change evidence and spread fake news and misinformation“, the FTI Consulting report gives us nothing of that, and as it does not set the stage of disabling that these were options that were disregarded, we see that this mobile situation might not now or not ever see the light of day with an actual reference to an attacker that will hold water in any court. 

As such the UN will have a lot to explain soon enough, I got there through 6 simple questions, 6 questions that anyone with an application of common sense could have gotten to, I wonder why the UN did not get there, I wonder why FTI Consuilting handed over a report that was failing to this degree.

 

3 Comments

Filed under IT, Law, Media, Politics

The incompetent view

I’ll admit, there are other things to write about, yet this is a larger issue than anyone thinks it is. The previous writers did not ponder the questions that were adamant, and Stephanie Kirchgaessner follows suit (at https://www.theguardian.com/us-news/2020/jan/27/nsa-faces-questions-over-security-of-trump-officials-after-alleged-bezos-hack) when we consider that the focus here is the NSA in ‘NSA faces questions over security of Trump officials after alleged Bezos hack‘. You see, it is not merely the fact that they got the stage wrong, it is the fact that everyone is looking at the stage, whilst the orchestra is missing, so how about that part of the equation and that leads to very uncomfortable question towards WHY the US is tailing on 5G and why it is trying to tailgate into the 5G room. They forgot what real innovation is and Saudi Arabia is seemingly passing them by, a nation that has forever been seen as a technological third world is surpassing the US and it is upsetting more and more people.

The US National Security Agency is facing questions about the security of top Trump administration officials’ communications following last week’s allegations that the Saudi crown prince may have had a hand in the alleged hack of Jeff Bezos“, with this the article opens and basically nothing wrong is stated here, yet when seen in the light of the byline which was “Democratic lawmaker asks agency if it is confident the Saudi government has not sought to hack US officials“, as such it becomes an issue. first off, the question is not wrong, because the US administration has a duty to seek the safety of communications for its coworkers (senators and such), yet in all this, it does become a little more clear when we see “Ron Wyden, a senior Democratic lawmaker, asked the director of the NSA whether he was confident that the Saudi government had not also sought to hack senior US government officials“. You see in the first, Saudi intentional involvement was NEVER established, moreover, the report (I looked at that last week) has several hiatus of a rather large kind, as such the formulation by this 70 year old person is quite the other issue. 

It is my personal conviction that a Fortune 100 company should consider the danger they open themselves up to when letting cyber issues be investigated by FTI Consulting. The entire matter of how infection was obtained (if it was infection), and that the entire matter was instigated by any third party who had gained access to the phone of Jeff Bezos, and in all this enough doubt was raised who got access and more importantly that there was no evidence that this was ANY Saudi official, as such the short sighted “whether he was confident that the Saudi government had not also sought to hack senior US government officials” by a 70 year old who shows issues of lack of critical thinking, no matter what which school he went to when he was half a century younger.

And again we see the reference towards “The senator from Oregon is separately seeking to force the Trump administration to officially release the intelligence it collected on the murder of Jamal Khashoggi, the Washington Post journalist who was killed in a state-sponsored murder in October 2018“, which is another flaw as there was never any clear evidence that anyone in Turkey was “killed in a state-sponsored murder in October 2018“, more importantly, the French UN Essay writer who was seemingly involved in both reports is showing a lack of critical thinking all by herself.

All this whilst Paul Nakasone (director NSA) is confronted with “was believed to have been the victim of a hack that was instigated after he allegedly received a WhatsApp message from the account of Crown Prince Mohammed bin Salman“, the problem is twofold, in the first I personally see the report by FTI Consulting as a hack job, not a job on a hack. There are several sides that give doubt on infection source and moreover there is additional lack of evidence that the source was a Saudi one. More importantly other sources gave away issues on WhatsApp some time overlapping the event, exploits that made it into the press from all sides giving the weakness that any unnamed party could have played to be a Saudi delivery whilst the file was not from that delivery point. Issues that were out in the open and the report gives that FTI Consulting ignored them. It could read that a certain French Essay writer stated ‘I Have a Saudi official and an American phone, find me a link, any link‘, I am not stating that this happened, but it feels like that was the FTI Consulting case. When was the last time you saw an intentional perversion of justice and truth?

And when we see: “The issue is now the subject of an investigation by two independent UN investigators“, we see an almost completed path. When we see all this lets take a step back and consider. 

  1. An American Civilian had his mobile allegedly (and optionally proven) hacked.
  2. The hacker is not found, the one accused cannot be proven (at present) to be the hacker.
  3. This ends up with the UN?

And I am not alone here. Three days ago (after my initial findings) I see (at https://edition.cnn.com/2020/01/24/tech/bezos-hacking-report-analysts/index.html) the headline ‘Bezos hacking report leaves cybersecurity experts with doubts‘, there we see “independent security experts, some of whom say the evidence isn’t strong enough to reach a firm conclusion” as well as “several high-profile and respected researchers, highlights the limits of a report produced by FTI Consulting, the company Bezos hired to investigate the matter“, so basically, the hair lacking CEO, who owns the Washington Post (where Khashoggi used to work) is allegedly hacked, he seemingly hires FTI Consulting on what I personally believe to be a hack job on hacking phones and the UN is using that biased piece of work to slam Saudi Arabia? Did I miss anything?

Yes, I did, the quote “The report suggested the incident bore hallmarks of sophisticated hacking software“, the problem here is that there is no way to see WHERE IT CAME FROM. Yet other sources give out several pieces on WhatsApp and how other sources could have a free go at infesting people. All whilst we also see “the paper revealed a lack of sophistication that could have been addressed by specialized mobile forensics experts, or law enforcement officials with access to premium tools“, all this whilst the entire setting went around the existence of cyber divisions. There is a link Jeff Bezos – Amazon – FTI Consulting – United Nations. At no point in this do we see any police department, or the FBI, why is that?

As such when we see “A key shortcoming of the analysis, Edwards said, was that it relied on a restricted set of content obtained from Bezos’s iTunes backup. A deeper analysis, she said, would have collected detailed records from the iPhone’s underlying operating and file systems. Other security experts characterized the evidence in the report as inconclusive“, I would state that this is merely the beginning.

Rob Graham (CEO Errata security) gives us “It contains much that says ‘anomalies we don’t understand,’ but lack of explanations point to incomplete forensics, not malicious APT actors” and Alex Stamos, the former chief information security officer at Facebook and a Stanford University professor gives us “Lots of odd circumstantial evidence, for sure, but no smoking gun“, in all this the extreme geriatric Ron Wyden (Oregon) is asking questions from the NSA with the text “asked the director of the NSA whether he was confident that the Saudi government had not also sought to hack senior US government officials” with the emphasis on ‘also‘, a stage that is not proven, and more importantly is almost redundant in the hack job we got to read about. As such I am not surprised to see “FTI Consulting declined to comment“, I wonder why?

It is even more fun to see the CNN article have the stage where we see “a research group at the University of Toronto, offered a suggestion that could allow investigators to gain access to encrypted information that FTI said it could not unlock“, as such we see that there are skill levels missing in FTI, for the simple reason that this report was allowed to leave the hands of FTI Consulting, a Firm that is proudly advertising that they have 49 of the Global 100 companies that are clients. If I had anything to say about it, those 49 companies might have more issues down the road than they are ready for, especially as they have over 530 senior managing directors and none of them stopeed that flimsy report making it to the outside world. I would personally set a question mark to the claim of them being advisor to 96 of the world’s top 100 law firms. I would not be surprised if I could punch holes in more cases that FTI Consulting set advice to, in light of the Bezos report, it might not be too hard a stage to do.

CNN also has a few critical points that cannot be ignored. With “The report’s limited results are a reminder that it can be extremely challenging to reconstruct the activities of a determined, well-resourced hacker, said Kenneth White, a security engineer and former adviser to the Defense Department and Department of Homeland Security“, I do not disagree with that, but the stage where WhatsApp had a much larger problem, is a given, and the report does not bring that up for one moment, that report was all about painting one party whilst the reality of the stage was that there was an open floor on how it was done, yet the report silenced all avenues there. In addition, Chris Vickery (Director UpGuard) gives us “other evidence provided by FTI increased his confidence that Bezos was being digitally surveilled“. that is not in question, core information directs that way, yet the fact that it was a Saudi event cannot be proven, not whilst Jeff Bezos is around hundreds of people in most moments of the day, that part is the larger setting and FTI Consulting knowingly skated around the subject, almost as it was instructed to do so.

One expert who wanted to remain anonymous gave us all “There’s an absurd amount of Monday morning quarterbacking going on” as well as “This isn’t a movie — things don’t proceed in a perfect, clean way. It’s messy, and decisions are made the way they’re made“, that expert is not wrong, and he/she has a point, yet the foundation of the report shows a massive lack in critical thinking whilst the report relies in its text on footnotes (as one would) yet on page 3, the text is “Al Qahtani eventually purchased 20 percent ownership in Hacking Team, apparantly acquired on behalf of the Saudi government. 8

all whilst footnote 8 gives us “https://www.vice.com/en_us/article/8xvzyp/hacking-team-investor-saudi-arabia” so not only does the FTI Consulting Job rely on ‘apparantly‘, the article gives in the first paragraph “Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see” as such we see ‘spyware source code leaked online for anyone to see‘, how did FTI Consulting miss this? That and the WhatsApp issue in that same year opens up the optional pool of transgressors to all non state hackers with considerable knowledge, as such the amount of transgressors ups to thousands of hackers (globally speaking). 

FTI Consulting missed that! and it missed a lot more. The article also sets a link to David Vincenzetti and for some reason he is not even looked at, there is no stage in the FTI report that his input was sought out, which in light of all this is equally puzzling. He might not have had anything to report, or perhaps he had enough to report taking the focal point away from Saudi players, we will never know, the joke (read: report) is out in the open in all its glory on limitation. 

In light of all this, did the question by Ron Wyden to the NSA make sense? As far as I can see, I see several points of incompetance and that has nothing to do with the one expert stating that this is a messy, the entire setting was optionally incompetent and for certain massively incomplete. 

More importantly, the last paragraphs has more funny parts than a two hour show by Jimmy Carr. The quote is “Anyone who has had communication with either MBS or his brother Khaled should assume their phone is hacked. Congress needs to get answers from NSA on what it knew about the hack of Bezos phone, when it knew it, and what it has done to stop Saudi criminal hacking behavior” and it comes from CIA analyst Bruce Riedel. Now, the quote is fine, but the hilarious part is how it was phrased (expertly done). Lets go over it in my (super subtle) way: “Anyone who has had communication with either MBS or his brother Khaled should assume their phone is hacked by Saudi, US or Iranian officials. Congress needs to get answers from NSA for a change on a matter that they were never consulted on whilst the report ended up with the UN on what it knew about the hack of Bezos phone, a person who has a few billion and a lack of hair but beyond that has no meaning to the US economy, he keeps all his gotten gains, when it knew when the phone of a civilian was allegedly hacked and, and what it has done to stop Saudi criminal hacking behavior which is not proven at present other than by people who have something to gain from seeing the Saudi’s as the bad party (like Iran), all in a report that is lacking all levels of clarity and proper investigation“, this is an important setting here. Just like the disappearance of a Saudi columnist writing for the Washington Post (another Jeff Bezos affiliate), we do not proclaim Saudi Arabia being innocent, merely that the lack of evidence does not make them guilty, in the present the hacking issue does not make Saudi Arabia guilty, the irresponsible version of the FTI Consulting report shows a massive lack of evidence that makes any Saudi Arabian party more likely than not innocent of all this and as both reports have one UN Female French Essay writer in common, it is more and more like a smear campaign than an actual event to find out what actually happened. Who signed up for that? I wonder if the NSA did, I feel decently certain that until they get all the actual evidence that they do not want to get involved with political painting, their left foot is busy keeping them standing up in a world of hunkered and crouched idiots.

Yet that is just my simple personal view on the matter.

 

1 Comment

Filed under IT, Media, Military, Politics

That’s the way the money flows

The Independent had an interesting article 2 hours ago. The article (at https://www.independent.co.uk/news/world/americas/china-drones-spy-us-dhs-security-data-alert-a8922706.html). The title leaves little to the imagination with: ‘Chinese drones may be stealing sensitive information, DHS warns‘, after the Trump google play, after his refusal to submit to subpoena’s, after the anti Huawei activities that so far has never yielded any active evidence (the 8 year old case was settled within months are done with). Now we see: “Chinese-made drones in America may be sending sensitive data to their manufacturers back home where it can be accessed by the government, the United States Department of Homeland Security (DHS) has warned“, which might be a nightmare if it was not so hilarious. You see the next quote: “CNN, which obtained the internal alert, reported that the DHS fears drones will offer Chinese intelligence unfettered access to American data“, it comes across like we have a case where a CNN reporter has been hit by a silly stick and never recovered. Consider the drones we see, there is no space to have a dedicated hack system on board. Yes some can be done with a mobile, and there is plenty of space in that device, now consider the ‘sensitive’ data that needs to be found, the data needs to be connected to (and with all these faulty Cisco routers that is relatively easy at present), then a selection needs to be downloaded and that is merely for one place, one device. All this stops when any person uses common cyber sense. It is the revelation that we see next, that is the one that matters. With: “Though the alert didn’t name specific companies, the vast majority of drones used in the US and Canada are made by the Shenzen based Company, DJI, CNN reported” we see the part that matters. As drone services are up on an almost exponential growth as we see the push that got there. The news from November 2016 gave us: “Domino’s Pizza Enterprises Limited (Domino’s) and drone delivery partner Flirtey delivered the first order, a Peri-Peri Chicken Pizza, and a Chicken and Cranberry Pizza“. Consider the option to avoid traffic in New York, Los Angeles, San Francisco, Boston, Chicago, Seattle, Pittsburgh, all places with massive congestion. Drones are the optionally the newest quick way to deliver food, Amazon needs, Walmart needs, all in growing need due to the events where retailers and shippers combine forces to avoid a few items, and with congestion set to zero, people will flock to that consideration. Now the operational part, it seems that DJI is ahead of the curve, another Chinese company decided to truly innovate and now that the push is there and America is bankrupt (as I personally see it) anything possible to avoid money going to China, America is taking a pot shot at that. So when we are also treated to: “A spokesman for DJI denied that any information was being transmitted to it from its drones, adding that the security of its technology has been independently verified by the US government.” I start wondering if DHS was able to do its job properly. Now let’s be clear, there is no doubt that ANY drone can be used for espionage, especially if it is quiet enough. Yet is that the issue for DJI, or is that an issue with the spy that utilises drone technology? Yet that is actually not the only side, on the other side we see mentioned: “Those concerns apply with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support national intelligence activities,” Now, this part does make sense. It is the same as the Apple Fitbit, that due to its global nature started to hand out the jogging patterns of Special forces in the Middle East, so within 3 days several members of the two dozen operatives had a check on their calorie burning and health, whilst the mapping data showed the world where the CIA black site was (oh apologies, I meant to say a military specialist endeavouring location of an undetermined nature). The question becomes how was the ‘the security of its technology has been independently verified by the US government‘ achieved? Was that verification process competent, or perhaps slightly less so?

I am not stating my verdict in either direction; yet the entire Huawei mess, as well as the DJI setting implies that the growth industries are shunned from America, mainly because it is not an American industry. Yet in all this, the forget that places like the EU and India are large enough to go forward with both players and truly grow further, whilst the downturn and the economic lag that the US is creating will merely grow the loss of momentum and the recession it will fuel in other ways. I would consider that the setback that Google is trying to create will have larger repercussions down the road. As larger Data vendors will now optionally choose the Chinese side, they will grow market share. You see no matter how it is sliced, all this is data based and data can only grow if there is usage. So when people remain with Huawei as their phone keeps on working, we see that there is a larger concern soon enough. At some point people will stop trusting Samsung, Google and Apple phones, which works out nicely for several players (Microsoft actually more than most), what do you think happens when the larger share of 14.7% of a global market changes to player three and not use Google apps to some degree? Google momentum relies on non-stop data and usage, when a third of the 60% that these three cover stops, do you think that this has no impact for Google?

The same applies to drones. You see intelligence makes the drone and as it grows its market share and the collected data of drone usage is set, the innovation of DJI grows faster. It is the difference between generation now and generation 2022, DJI will grow and can grow in several directions, yet the entire the setting of ‘data theft’ we see that there is a lack of ‘what’ data. What data is collected, the flight path? Well, I think we all need to know in 2023 what flight path was taken for the delivery of 342,450 pizza’s delivered per hour, is it not? It is not that Google Map has that data, and within a building in New York, is there truly a clear sign in the drone itself who exactly the merchandise was for, or was that on the box (instead of the drone). Now, there is no denying that some of that data would optionally be accessible to the Chinese government? Yet what data, what level of data? Do you think that they have time for the hundreds of drones and the data whilst they can monitor 20,000 times that data with a spy satellite (and an additional truckload of data that the drone never had in the first place?

It is when I see ‘unfettered access to American data‘ where the questions become pressing. It is like watching Colin Powell coming into a non-disclosed location with his silver briefcase and in the end the lack of WMD’s, are we going in that direction again? when I see ‘unfettered access to American data‘, it is at that moment I see the optional comparison (an extreme lose comparison mind you) with the innocent preachers daughter who did the naughty thing to 30% of the boys coming to Sunday sermon, having attempted things I cannot even rent on adult video. It is the CNN article (at https://edition.cnn.com/2019/05/20/politics/dhs-chinese-drone-warning/index.html) that gives additional rise to concerns. When you see: “Users are warned to “be cautious when purchasing” drones from China, and to take precautionary steps like turning off the device’s internet connection and removing secure digital cards. The alert also warns users to “understand how to properly operate and limit your device’s access to networks” to avoid “theft of information.”” It seems to me that there are dozens of ways to get this data, a drone seems like an expensive long way round-trip to get to that data, whilst more can be accessed in several other ways and it is the speculation through ‘device’s internet connection‘, so when we see one of these devices (at https://www.dji.com/au/phantom-4-pro-v2/info#specs), we are treated to: “The new Phantom 4 Pro V2.0 features an OcuSync HD transmission system, which supports automatic dual-frequency band switching and connects to DJI Goggles wirelessly“, where did the internet come in? Yes there is an app, to get a live view from the drone, so what ‘unfettered access to American data‘ could there be that Google Maps at present does not have in more detail?

It is the next part that is the actual ace. When we see: “DJI, which reported $2.7 billion in revenue in 2017, is best known for its popular Phantom drone. Introduced in 2013, the drone is the top-selling commercial drone on the market“, information the Independent did not give us, that is the actual stage as I personally see it. It was $2.7 billion in 2017, there is no doubt that when drone delivery truly takes off, at that point revenue that sits between $15 and $27 billion is not unrealistic, the dire need to avoid congestion on a global scale will drive it and that is before you realise the non-US benefits in London, Amsterdam, Paris, Berlin, Munich, Madrid, Barcelona, Rome, Athens, Moscow. At that point you will see stronger growth and I haven’t even looked at the opportunities in a place like Mumbai, Tokyo, Delhi, Bangkok, Rio, Buenos Aires and Sydney yet. Everything leaves me with the impression that this is not about security, it is about money. That fact can be proven when you realise that everyone remains silent on the 29 new vulnerabilities that Cisco reported merely a month ago. How many Cisco router stories have come from that non-technologically refined White House, where they are currently optionally limited by “Cisco routers, including ones that can be found in malls, large companies or government institutions, are flawed in a way that allows hackers to steal all of the data flowing through them“, the cybersecurity company Red Baron handed out that issue to the media last week, so who picked up on that danger to ‘unfettered access to American data‘? And when you consider ‘it allows potential malicious actors to bypass the router’s security feature, Trust Anchor. This feature has been standard in Cisco’s routers since 2013‘, when we realise that Cisco is a household name on a global scale (especially when connected to the internet), the entire Cisco matter seems to be at least 15,000 times worse than any DJI drone ever could be, and the fact that DHS remains silent on that gives (again, as I personally see it) is added proof that this is merely about the money and the fact that US companies are losing markets on a global scale.

I could set the stage by singing ‘All ‘Bout the money‘ by Meja and ‘That’s the way the money goes‘ by M, but then, I realise that people would most likely pay me serious money not to sing (my voice is actually that bad).

That’s the way the money flows, specifically at present in a direction that the US is for the foreseeable future most displeased about.

 

1 Comment

Filed under Finance, IT, Media, Military, Science

Telstra, NATO and the USA

There are three events happening, three events that made the limelight. Only two seem to have a clear connection, yet that is not true, they all link, although not in the way you might think.

Telstra Calling

The Guardian (at https://www.theguardian.com/business/2018/jun/20/telstra-to-cut-8000-jobs-in-major-restructure) starts with ‘Telstra to cut 8,000 jobs in major restructure‘. Larger players will restructure in one way or another at some point, and it seems that Telstra is going through the same phase my old company went through 20 years ago. The reason is simple and even as it is not stated as such, it boils down to a simple ‘too many captains on one ship‘. So cut the chaff and go on. It also means that Telstra would be able to hire a much stronger customer service and customer support division. Basically, it can cut the overhead and they can proclaim that they worked on the ‘costing’ side of the corporation. It is one way to think. Yet when we see: “It plans to split its infrastructure assets into a new wholly owned business unit in preparation for a potential demerger, or the entry of a strategic investor, in a post-national broadband network rollout world. The new business unit will be called InfraCo“. That is not a reorganisation that is pushing the bad debts and bad mortgages out of the corporation and let it (optionally) collapse. The congestion of the NBN alone warrants such a move, but in reality, the entire NBN mess was delayed for half a decade, whilst relying on technology from the previous generation. With 5G coming closer and closer Telstra needs to make moves and set new goals, it cannot do that without a much better customer service and a decently sized customer support division, from there on the consultants will be highly needed, so the new hiring spree will come at some stage. The ARNnet quote from last month: “Shares of Australia’s largest telco operator Telstra (ASX:TLS) tumbled to their lowest in nearly seven years on 22 May, after the firm was hit by a second major mobile network service outage in the space of a month“, does not come close to the havoc they face, it is not often where one party pisses off the shareholders, the stakeholders and the advertisers in one go, but Telstra pulled it off!

A mere software fault was blamed. This implies that the testing and Q&A stage has issues too, if there is going to be a Telstra 5G, that is not a message you want to broadcast. The problem is that even as some say that Telstra is beginning to roll out 5G now, we am afraid that those people are about to be less happy soon thereafter. You see, Telstra did this before with 4G, which was basically 3.5G, now we see the Business Insider give us ‘Telstra will roll out 2Gbps speeds across Australian CBDs within months‘, but 2Gbps and 10Gbps are not the same, one is merely 20%, so there! Oh, and in case you forgot the previous part. It was news in 2011 when ABC gave us (at http://www.abc.net.au/technology/articles/2011/09/28/3327530.htm) “It’s worth pointing out that that what Telstra is calling 4G isn’t 4G at all. What Telstra has deployed is 1800MHz LTE or 3GPP LTE that at a specification level should cap out at a download speed of 100Mb/s and upload speed of 50Mbps [ed: and the public wonders why we can’t just call it 4G?]. Telstra’s sensibly not even claiming those figures, but a properly-certified solution that can actually lay claim to a 4G label should be capable of downloads at 1 gigabit per second; that’s the official 4G variant known as LTE-A. Telstra’s equipment should be upgradeable to LTE-A at a later date, but for now what it’s actually selling under a ‘4G’ label is more like 3.7-3.8G. “3.7ish G” doesn’t sound anywhere near as impressive on an advertising billboard, though, so Telstra 4G it is“, which reflects the words of Jeremy Irons in Margin Call when he states: “You can be the best, you can be first or you can cheat“. I personally think that Telstra is basically doing what they did as reported in 2011 and they will market it as ‘5G’, giving premise to two of the elements that Jeremy Irons mentioned.

This now gives a different visibility to the SMH article last week (at https://www.smh.com.au/business/companies/how-a-huawei-5g-ban-is-about-more-than-espionage-20180614-p4zlhf.html), where we see “The expected ban of controversial Chinese equipment maker Huawei from 5G mobile networks in Australia on fears of espionage reads like a plot point from a John le Carre novel. But the decision will have an impact on Australia’s $40 billion a year telecoms market – potentially hurting Telstra’s rivals“, as well as “The Sydney Morning Herald and The Age reported in March that there were serious concerns within the Turnbull government about Huawei’s potential role in 5G – a new wireless standard that could be up to 10 times as powerful as existing mobile services, and used to power internet connections for a range of consumer devices beyond phones“, you see I do not read it like that. From my point of view I see “There are fears within the inner circle of Telstra friends that Huawei who is expected to offer actual 5G capability will hurt Telstra as they are not ready to offer anything near those capabilities. The interconnectivity that 5G offers cannot be done in the currently upgradable Telstra setting of a mere 2bps, which is 20% of what is required. Leaving the Telstra customers outside of the full range of options in the IoT in the near future, which will cost them loads of bonus and income opportunities“. This gives two parts, apart from Optus getting a much larger slice of the cake, the setting is not merely that the consumers and 5G oriented business is missing out, private firms can only move forward to the speed that Telstra dictates. So who elected Telstra as techno rulers? As for the entire Huawei being “accused of spying by lawmakers in the US“, is still unfounded as up to now no actual evidence has been provided by anyone, whilst at the same speed only a week ago, the Guardian gave us ‘Apple to close iPhone security gap police use to collect evidence‘, giving a clear notion that in the US, the police and FBI were in a stage where they were “allowed to obtain personal information from locked iPhones without a password, a change that will thwart law enforcement agencies that have been exploiting the vulnerability to collect evidence in criminal investigations“, which basically states that the US were spying on US citizens and people with an iPhone all along (or at least for the longest of times). It is a smudgy setting of the pot calling the kettle a tea muffler.

The fact that we are faced with this and we prefer to be spied on through a phone 50% cheaper is not the worst idea. In the end, data will be collected, it is merely adhering to the US fears that there is a stronger setting that all the collected data is no longer in the US, but in places where the US no longer has access. That seems to be the setting we are confronted with and it has always been the setting of Malcolm Turnbull to cater to the Americans as much as possible, yet in this case, how exactly does Australia profit? I am not talking about the 37 high and mighty Telstra ‘friends’. I am talking about the 24,132,557 other Australians on this Island, what about their needs? If only to allow them than to merely get by on paying bills and buying food.

Short term and short sighted

This gets us to something only thinly related, when we see the US situation in ‘Nato chief warns over future of transatlantic relationship‘. The news (at https://www.theguardian.com/world/2018/jun/19/transatlantic-relationship-at-risk-says-nato-chief) has actually two sides, the US side and the side of NATO. NATO is worried on being able to function at all. It is levied up to the forehead in debts and if they come to fruition, and it will they all drown and that requires the 27 block nation to drastically reduce defence spending. It is already trying to tailor a European defence force which is a logistical nightmare 6 ways from Sunday and that is before many realise that the communication standards tend to be a taste of ‘very nationally’ standard and not much beyond that point. In that regard the US was clever with some of their ITT solutions in 1978-1983. Their corn flaky phones (a Kellogg joke) worked quite well and they lasted a decent amount of time. In Europe, most nations were bound to the local provider act and as such there were all kinds of issues and they all had their own little issues. So even as we read: “Since the alliance was created almost 70 years ago, the people of Europe and North America have enjoyed an unprecedented period of peace and prosperity. But, at the political level, the ties which bind us are under strain“, yup that sounds nice, but the alliances are under strain by how Wall Street thinks the funding needs to go and Defence is not their first priority, greed is in charge, plain and simple. Now, to be fair, on the US side, their long term commitment to defence spending has been over the top and the decade following September 11 2001 did not help. The spending went from 10% of GDP up to almost 20% of GDP between 2001 and 2010. It is currently at about 12%, yet this number is dangerous as the economy collapsed in 2008, so it basically went from $60 billion to $150 billion, which hampered the infrastructure to no end. In addition we get the splashing towards intelligence consultants (former employees, who got 350% more when they turned private), so that expenditure became also an issue, after that we see a whole range of data gathering solutions from the verbose (and not too user friendly) MIIDS/IDB.

In CONUS (or as you might understand more clearly the contiguous United 48 States; without Alaska and Hawaii), the US Army Forces Command (FORSCOM) Automated Intelligence Support Activity (FAISA) at Fort Bragg, NC, has access to the MIIDS and IDB by tactical users of the ASAS, and they maintain a complete copy of DIA’s MIIDS and IDB and update file transactions in order to support the tactical user. So there are two systems (actually there are more) and when we realise that the initial ASAS Block I software does not allow for direct access from ASAS to the FAISA System. So, to accomplish file transfer of MIIDS and IDB files, we are introduced to a whole range of resources to get to the data, the unit will need an intermediate host(s) on the LAN that will do the job. In most cases, support personnel will accomplish all the file transfers for the unit requesting that intel. Now consider 27 national defence forces, one European one and none of them has a clue how to get one to the other. I am willing to wager $50 that it will take less than 10 updates for data to mismatch and turn the FAISA system into a FAUDA (Arabic for chaos) storage system, with every update taking more and more time until the update surpasses the operational timeframe. That is ample and to the point as there is a growing concern to have better ties with both Israel and Saudi Arabia, what a lovely nightmare for the NSA as it receives (optionally on a daily basis) 9 updates all containing partially the same data (Army-Navy, Army-Air force, Army-Marines, Navy-Air force, Navy-Marines, Air force-Marines, DIA, DHS and Faisa HQ). Yes, that is one way to keep loads of people employed, the cleaning and vetting of data could require an additional 350 hours a day in people to get the vetting done between updates and packages. In all this we might see how it is about needing each other, yet the clarity for the US is mostly “Of the 29 Nato members, only eight, including the US and the UK, spend more than 2% of their GDP on defence, a threshold that the alliance agreed should be met by all the countries by 2024. Germany spent €37bn (£32.5bn), or 1.2% of GDP, on defence last year“, it amounts to the US dumping billions in an area where 28 members seem to have lost the ability to agree to standards and talk straight to one another (a France vs Germany pun). In all this there is a larger issue, but we will now see that in part three

Sometimes a cigar is an opportunity

you see, some saw the “‘Commie cadet’ who wore Che Guevara T-shirt kicked out of US army” as an issue instead of an opportunity. The article (at https://www.theguardian.com/us-news/2018/jun/19/west-point-commie-cadet-us-army-socialist-views-red-flags) gives light to some sides, but not to the option that the US basically threw out of the window. You see the Bill of rights, a mere piece of parchment that got doodled in 1789 offering things like ‘freedom to join a political party‘, as we see the setting at present. The issue as I see it is the overwhelming hatred of Russia that is in play. Instead of sacking the man, the US had an opportunity to use him to see if a dialogue with Cuba could grow into something stronger and better over time. It might work, it might not, but at least there is one person who had the option to be the messenger between Cuba and the US and that went out of the window in a heartbeat. So when we see: “Spenser Rapone said an investigation found he went online to advocate for a socialist revolution and disparage high-ranking officers and US officials. The army said in a statement only that it conducted a full investigation and “appropriate action was taken”“. Was there a full investigation? To set this in a proper light, we need to look at NBC (at https://www.nbcnews.com/news/us-news/sexual-assault-reports-u-s-military-reach-record-high-pentagon-n753566), where we see: “Service members reported 6,172 cases of sexual assault in 2016 compared to 6,082 last year, an annual military report showed. This was a sharp jump from 2012 when 3,604 cases were reported“, we all should realise that the US defence forces have issues, a few a hell of a lot bigger than a person with a Che Guevara T-Shirt. So when we ask for the full investigations reports of 6172 cases, how many have been really investigated, or prosecuted on? NBC reported that “58 percent of victims experienced reprisals or retaliation for reporting sexual assault“, so how exactly were issues resolved?

Here we see the three events come together. There is a flawed mindset at work, it is flawed through what some might call deceptive conduct. We seem to labels and when it backfires we tend to see messages like ‘there were miscommunications hampering the issues at hand‘, standards that cannot be agreed on, or after there was an agreement the individual players decide to upgrade their national documents and hinder progress. How is that ever going to resolve issues? In all this greed and political needs seem to hinder other avenues though players that should not even be allowed to have a choice in the matter. It is the setting where for close to decades the politicians have painted themselves into a corner and are no longer able to function until a complete overhaul is made and that is the problem, a solution like that costs a serious amount of funds, funds that are not available, not in the US and not in Europe. The defence spending that cannot happen, the technology that is not what is specified and marketing will merely label it into something that it is not, because it is easier to sell that way. A failing on more than one level and by the time we are all up to speed, the others (read: Huawei) passed us by because they remained on the ball towards the required goal.

So as we are treated to: “A parliamentary hearing in Sydney got an extra touch of spice yesterday, after the chief executive of NBN Co appeared to finger one group of users supposedly responsible for congestion on NBN’s fixed wireless network: gamers“, whilst the direct setting given is “Online gaming requires hardly any bandwidth ~10+ megabytes per hour. A 720p video file requires ~ 500+ megabytes per hour. One user watching a YouTube video occupies the same bandwidth as ~50 video gamers“, we can argue who is correct, yet we forgot about option 3. As was stated last week we see that the largest two users of online games were Counterstrike (250MB/hour) add Destiny 2 (300 MB/hour), whilst the smallest TV watcher ABC iView used the same as Destiny 2, the rest a multitude of that, with Netflix 4K using up to 1000% of what gamers used (in addition to the fact that there are now well over 7.5 million Netflix users, whilst the usage implies that to be on par, we need 75 million gamers, three times the Australian population). Perhaps it is not the gamers, but a system that was badly designed from the start. Political interference in technology has been a detrimental setting in the US, Europe and Australia as well, the fact that politicians decide on ‘what is safe‘ is a larger issue when you put the issues next to one another. If we openly demand that the US reveal the security danger that Huawei is according to them, will they remain silent and let a ‘prominent friend‘ of Telstra speak?

When we look one tier deeper into NATO, they themselves become the source (at https://www.nato-pa.int/document/2018-defence-innovation-capitalising-natos-science-and-technology-base-draft-report) with: ‘Capitalising on Nato’s Science and Technology Base‘. Here we see on page 5: “In an Alliance of sovereign states, the primary responsibility to maintain a robust defence S&T base and to discover, develop and adopt cutting-edge defence technologies lies with NATO member states themselves. Part of the answer lies in sufficient defence S&T and R&D budgets“. It is the part where we see: ‘adopt cutting-edge defence technologies lies with NATO member states themselves‘ as well as ‘sufficient defence S&T and R&D budgets‘. You introduce me to a person that shows a clear partnership between the needs of Philips (Netherlands) and Siemens (Germany) and I will introduce you to a person who is knowingly miscommunicating the hell out of the issue. You only need to see the 2016 financial assessment: “After divesting most of its former businesses, Philips today has a unique portfolio around healthy lifestyle and hospital solutions. Unlike competitors like GE Healthcare and Siemens Healthineers, the company covers the entire health continuum” and that is merely one field.

Rubber Duck closing in on small Destroyer.

In that consider a military equivalent. The 5th best registered CIWS solution called MK15 Phalanx (US), the 3rd position is for the Dutch Goalkeeper (Thales Netherlands) and the 2nd best CIWS solution comes from the US with the Raytheon SeaRAM. Now we would expect every nationality would have its own solution, yet we see the SeaRAM was only adopted by Germany, why is it not found in the French, Italian, Spanish and Canadian navy? Belgium has the valid excuse that the system is too large for their RIB and Dinghy fleet, but they are alone there. If there is to be true connectivity and shared values, why is this not a much better and better set partnership? Now, I get that the Dutch are a proud of their solution, yet in that entire top list of CIWS systems, a larger group of NATO members have nothing to that degree at all. So is capitalising in the title of the NATO paper actually set to ‘gain advantage from‘, or is it ‘provide (someone) with capital‘? Both are options and the outcome as well as the viability of the situation depending on which path you take. So are the Australians losing advantage from Telstra over Huawei, or are some people gaining huge lifestyle upgrades as Huawei is directed to no longer be an option?

I will let you decide, but the settings are pushing all boundaries and overall the people tend to not benefit, unless you work for the right part of Palantir inc, at which point your income could double between now and 2021.

 

2018 – DEFENCE INNOVATION – ALLESLEV DRAFT REPORT – 078 STC 18 E

2 Comments

Filed under Finance, Gaming, IT, Media, Military, Politics, Science

In speculated anticipation

This is on a matter that is slippery like a promiscuous nymphomaniac lady contemplating monogamy. In a world where any person next to you could be a pimp, a whore or merely psychotic. Welcome to the cold war! Merely a few hours ago, the Guardian gave us ‘Obama orders sanctions on Russia after campaign hacking during US election’ (at https://www.theguardian.com/us-news/2016/dec/29/barack-obama-sanctions-russia-election-hack). Now, we have known the CIA and other parties to be blatantly incorrect when it came to Sony and North Korea. Yet, here in this case, there are a few elements in play where it is indeed more likely than not that if there was real interference that Russia would have been guilty, involved or at the very least privy to the events. In this China is a lot less likely, because as business deals go, they are a lot better of with the Ignorance of former State Secretary Hillary Clinton, than they will ever be with President elect Donald Trump, so as the calling of garden grooming spades, the one turning the soil is overly likely to be the Russian side.

There was an earlier article referred to in this one, where we see: “He dodged whether Putin personally directed the operations but pointedly noted “not much happens in Russia without Vladimir Putin”“, which is actually incorrect. You see, and President Barack Obama know this to be an absolute truth is that deniability is essential in some operations. Yet, in this even as President Vladimir Putin would have been kept in the dark (likely by his own request), it is less likely that Sergey Kuzhugetovich Shoygu is involved, yet if the GRU was involved than Igor Korobov would know for sure. You see, the FSB is the second option, yet for those who have seen some of the reports that Darknet has regarding investigative journalist Andrei Soldatov gives at some parts the inclination that the FSB funding on more advanced cyber actions was lacking making the GRU the opponent of choice. This comes with the assumption from my side that less advanced equipment would have given US cyber sides a lot more data to show earlier that Russia was intervening with the elections. The reports of a group called Fancy Bear gives way to the technology they get access to and the places they can access them at. There is another piece that I have not been able to confirm, it is speculative and even as it gives base to giggles of all matters, it remains a speculation. It is said that Fancy Bear operatives have been able to work from North Stockholm, if so, they might have accessed the IBM backbone there, which has a massive amount of data pushing power. Giving way that the US gave powers to enable hacking of the US election system, live is just too cynical at times.

Another quote is also linked to this, but not from the cyber point of view. “Obama repeatedly weighed in on what he saw as increased polarization in the United States. “Over a third of Republican voters approve of Vladimir Putin, the former head of the KGB. Ronald Reagan would roll over in his grave. How did that happen?”“, in that my response would be ‘Well Mr President, if you had gotten of your ass and actually do things instead of politicising things. If you would have actually kept a budget and not push the US into 20 trillion of national debt people might be less on the fence for the other side, right?‘ There will be no reply because not only as this administration been close to useless, the actions of the last few days where the new electorate gets an agenda pushed down its throat where a clear cooperation with terrorist organisations is seen is plenty of food for thought, yet that rave needs to seize as it does not completely apply to the case at hand!

There are however other matters for concern “In a conference call with reporters, senior White House officials said its actions were a necessary response to “very disturbing Russian threats to US national security”“, which beckons three things:

1. Why was it a conference call and not on every video or a live presentation?
2. Wow long has this been actually known?
3. Where is the actual evidence?

Like Sony, like other parts, the press wants to see evidence and NONE has been presented. No station, as far as I have been able to tell has shown any schematic on how the election could have been tampered with evidence. There are hundreds of anti-Clinton and anti-Trump conspiracy theorist videos, yet none form any reputable news channel. Which also now gives voice to the thought whether the US intelligence branch in this administration has been the biggest joke ever (North Korean accusations et al).

Still in all this, the US is pushing for a cold war, which might not be the worst thing, yet as the US is to be regarded as bankrupt, the upgrades that will involve a data centre and 4-6 billion in equipment and resources is something there will be no room for any day soon.

So what is this about? Is this about the Democrats being really sore losers? I am not sure what to think, yet the entire approach via conference calls, no presentation of evidence, there are a few too many issues here. In addition, if there was evidence, do you not think that President Obama would present it, to show at least that he is capable of publicly smiting President Putin? Let’s face it, he does need to brownie points. Yet, in light of some evidence not shown, the actions at the 11th hour, are they a sign that the Democratic Party will be relying on act that some could regard as Malfeasance in office? Of course these people will not need to give a second thought as they will be removed from office in a few weeks, yet to leave open the next public officials to added pressures to clean up not just their last 8 years of action, but in addition acts of impeding elected officials could have long term consequences. Let’s not forget that the Republican Party starts with both a Republican Senate and Congress, as well as their guy in the White House, so if the Democratic Party wants anything to happen, being nice is pretty much their only option.

In addition, when we look at the US recount (at https://www.theguardian.com/us-news/2016/dec/28/election-recount-hacking-voting-machines), we see first off ‘US recounts find no evidence of hacking in Trump win but reveal vulnerabilities‘, in addition we see “In Wisconsin, the only state where the recount was finished, Trump’s victory increased by 131 votes, while in Michigan, where 22 of 83 counties had a full or partial recount, incomplete data suggests was a net change of 1,651 votes, “but no evidence of an attack”“, which is not amounting to evidence in total, we do see that two places were not intervened with, still the system is setting the pace that there are future concerns. The message ““We didn’t conclude that hacking didn’t happen,” he told the Guardian, but “based on the little evidence we have, it is less likely that hacking influenced the outcome of the election” does clearly state that hacking did not happen, it is given with some clarity that any hacking if it happened, that the outcome was not influenced by hacking. This now gives rising concerns to James Comey and what is happening on his watch. More important, the responses that the Guardian had (at https://www.theguardian.com/technology/2016/dec/29/fbi-dhs-russian-hacking-report) where we see “The report was criticized by security experts, who said it lacked depth and came too late” as well as “Jonathan Zdziarski, a highly regarded security researcher, compared the joint action report to a child’s activity center“, which is not the first time we see it. More important is the quote “Tom Killalea, former vice-president of security at Amazon and a Capital One board member, wrote: “Russian attack on DNC similar to so many other attacks in past 15yrs. Big question: Why such poor incident response?”” is exactly the issue I had in the initial minute of the information being read by me and that is not the only part of it. The fact that the involved parties seem to be lacking more and more in advising actions as well as a clear cyber security pathway (the Clinton private mail server issues) that is correctly enforced and checked upon. The utter lack of proper ‘Common Cyber Sense‘ as seen for close to a decade at present all over official and governmental US is cause for a large amount of problems, yet the amount of evidence produced that there actually was Russian Cyber actions into changing the election results have not been brought and was brought was done in a very unconvincing way, in a way that top people had deniability of involvement in fingering the Russians. The PDF reads like something less serious in a few ways. You see, the techniques described are not wrong, but it leaves it open to who was the participating party. It could have been mere private hackers, the Russian Mafia is also a cyber-player. The fact that alleged actions from summer 2015 are only now coming into the light.  Is that not equally strange? By the way, the fact that Russian intelligence would try to ‘visit’ the files of the US Democratic Party is not that weird. Is there any indication that NSA, GCHQ and ANSSI would not have been accessing (or trying to) the United Russian party servers for intelligence is equally silly! Neither shows intent to influence an election. Let’s face it, Benghazi was a large enough mess to sway the vote in the first place and US insiders were all too happy to leak information, the Russian merely had to sit back, laugh and drink Vodka. In addition, the fact that malware was on the systems in not in question, it happens too often in too many places, yet clear evidence that APT28 or APT29 were the culprits implies router information, router data and clear information on when EXACTLY is happened (summer 2015 is a little too wide). More important, this also implies that proper malware defence was NEVER in place, so how shallow do these people want to get?

From page 8 we start seeing the true ability of the intelligence to envelope themselves into the realm of comedy. Items like ‘Update and patch production servers regularly‘ and ‘Use and configure available firewalls to block attacks‘ as well as ‘Perform regular audits of transaction logs for suspicious activity‘, these events should have been taking place for a long time, the fact that registered events from 2015 and now show that these mitigation elements are mentioned imply the fact that IT reorganisation has been essential is a larger issue and heavy on comedy if that has been absent for 2+ years. I think negligence becomes a topic of discussion at that point. The least stated on ‘Permissions, Privileges, and Access Controls‘ the better, especially if they haven’t been in place. So in retrospect, not having any ‘evidence’ published might have been better for the Democratic Party and especially for James B. Comey and Jeh Johnson. The main reason is that these events will have a longer term implications and certain parties will start asking questions, if they don’t, those people might end up have to answer a few questions as well.

In that regard the Guardian quote “The question hasn’t even been asked: ‘Did you take basic measures to protect the data that was on there?’“, a question that seems basic and was basically voiced by Sean Spicer on CNN. The fact that according to 17 intelligence agencies agree (as quoted by CNN), brings worry to those agreeing and the laughable bad quality PDF that was released. Consider that we are seeing the reaction of unanimous agreed intelligence without any clear presented evidence, actual evidence, so what are they agreeing on? As stated by Sean Spicer in the CNN interview, the burden of proof is on the intelligence community. Especially as there is an implied lack of due diligence of the Democratic National Committee to secure their IT systems. The fact that the implied lack of diligence should give view to the fact that there are plenty of American citizens that are anti democrats in the US alone to give worry on WHO have been jogging through the DNC servers.

A view that seems to have been overlooked by plenty of people as well.

In the act of anticipated speculation we should speculate that proper presentation of the evidence will be forthcoming. The presentation on a level that will give a positive response from security experts will be a lot to ask for, yet in all this, you should be asking yourself the one question that does matter, it is possible that the FBI got it wrong three times in a row? If so, in how much trouble is Cyber America?

 

Leave a comment

Filed under IT, Law, Media, Military, Politics

A leaky Cauldron is a just sif!

Well, as we are moving into the final days of President Obama, we get to see one more rodeo of entertainment, amusement and comedy. You see the headline ‘Barack Obama delivers stinging critique of FBI: ‘We don’t operate on leaks’‘, we can argue that they actually do, or we can howl with laughter, because for the most, the Obama administration created leaks, it did close to nothing to do something about it that would actually work. For one, here is a quote from thinkprogress.org. It is from August 7th 2015: “Congress’s Cybersecurity Plan Has Some Major Flaws“, this is in his second presidency and we see Congress not being even close to resolving essential issues that should have been addressed well before 2008. This level of inaccuracy (read: incompetence) is shown in “Civil liberties groups including the Electronic Freedom Foundation (EFF), New America, and American Civil Liberties Union (ACLU) urged the public to call their senators to persuade them to vote against, what even the Department of Homeland Security has deemed, a flawed bill with more than 20 proposed amendments“. So an issue where the ACLU and the DHS are on the same page, even when taking decent amounts of LSD, the world would still seem more logical, when ACLU and DHS are on the same page, the matter is a lot more critical than some make it out to be.

When we look back to 2013, when Robert Gates, the former Defence Secretary, reveals in his book ““reveals the depth of Mr. Obama’s concerns over leaks of classified information to news outlets, noting that within his first month in office, the new president said he wanted a criminal investigation into disclosures on Iran policy published by The New York Times.”“, we see that President Obama, knows all about leaks, they were at the centre of his core for two terms, so when we see again and again that the ball was dropped, what does that state about the president and his administration that keeps on twisting their ‘cyber’ thumbs?

Yet in all this, it was the Guardian who gave us (at https://www.theguardian.com/us-news/2016/nov/03/fbi-leaks-hillary-clinton-james-comey-donald-trump) an essential issue “Even some congressional Republicans, no friends to Clinton, have expressed discomfort with Comey’s last-minute insertion of the bureau into the election“, apart from what I discussed in my blog ‘As messages pass by‘ two days ago, there is one other part that must be mentioned in all fairness, because this is about the situation, not about anti-Clinton rants. The quotes are “As The Post’s Sari Horwitz reported on Saturday, “a largely conservative investigative corps” in the bureau was “complaining privately that Comey should have tried harder to make a case” against Clinton“, as well as “Rep. Jason Chaffetz (R-Utah), chair of the Oversight Committee, quickly tweeted news of Comey’s letter Friday and stated: “Case reopened.” This is not what Comey said (and technically the Clinton case was never closed). But many in the media bought Chaffetz’s hype, especially in early accounts. That’s what happens when an FBI director hands an explosive but muddled letter to a Republican-led Congress. In fact, Chaffetz had already made clear that if Clinton wins, the GOP’s top priority will be to keep the Clinton investigative machine rolling“, which came from https://www.washingtonpost.com/opinions/comey-gives-in-to-shameful-partisanship/2016/10/30/c31c714a-9ed8-11e6-8d63-3e0a660f1f04_story.html and this clearly shows two elements. One is that the republicans via Congressman Jason Chaffetz, Republican from Utah pushed. For those who think that this doesn’t matter, consider the following which we get from the FBI Website (at https://www.fbi.gov/about/faqs ). “Who monitors or oversees the FBI? The FBI’s activities are closely and regularly scrutinized by a variety of entities. Congress—through several oversight committees in the Senate and House—reviews the FBI’s budget appropriations, programs, and selected investigations. The results of FBI investigations are often reviewed by the judicial system during court proceedings…“, so when Congress pushes the FBI, it has bearing and impact (although ‘bearing’ would be allegedly). So whilst the media is going all out against Director James B. Comey, can we agree that Congress was pushing and in addition, the fact remains that Hillary Clinton could still up ending to be regarded as criminally negligent.

Now that last accusation needs explaining, and funnily enough, for the most, we all have that evidence. Those who have a job, ask yourself how many bosses allow you to do company business using your private emails? There are plenty of companies that such an action, seen as a transgression that could result in immediate dismissal and that isn’t even high dangerous secretive information. Now consider that as Secretary of State, Hillary Clinton submitted over 20 top secret issues via private email, in addition, the emails went to the laptop of a previous employee, basically giving classified information to a non-authorized person. The fact that she ends up not being prosecuted is a little weird to say the least. Yet, I discussed that in an earlier blog, the link remains because the issues are linked.

What is important now is that the media at large had access to more information that I had (or so they think), and they kept you, the reader in the dark. The bias against Donald Trump is THAT intense. Now, personally, I think that Donald Trump is as dangerous as a baboon on XTC, which is an issue as this primate is merely dangerous and lethal in the most docile of times. Its teeth rip through your flesh and bones in one bite. I’ll be honest, Baboons scare me, not because of what they do (they are equipped to protect, not to hunt people), they are highly intelligent, yet when cornered they can be the most dangerous animal you will face in a lifetime. Making my correlation with Donald Trump a lot more accurate than even I bargained for. His latest actions known as ‘Donald Trump’s Impeachment Threat‘ (at http://www.nytimes.com/2016/11/04/opinion/donald-trumps-impeachment-threat.html), when we see “they may well seek to impeach Hillary Clinton if she wins, or, short of that, tie her up with endless investigations and other delaying tactics“, the Democratic Party is seeing the result of President Obama’s bad presidency. The result and fallout of Benghazi, the mail issues with the Clintons and a few other matter. As stated, Congress gets to push the FBI and it is a republican congress. There is a little too much realism in the quote “Mrs. Clinton won’t be able to govern, because we won’t let her. So don’t waste your vote on her. Vote for us“, because her promise to do something about the economy will fall flat for at least 2 years. In addition, there are other matters that play, matters that involve the non-committal towards Common Cyber Sense and with the alleged Cyber-attacks from Russia (I am calling them alleged, because no clear evidence is in existence, yet clear reliable speculative data that pushes towards Russian involvement cannot be denied, not even by me), we see that Russia is instigating another cold war, one that America is unlikely to win makes the Democratic position even more weak. Even if we all admit that it is too unlikely for Russia to win this, it will work as an anchor on the US economy, so the next president has that to worry about too.

So as we are confronted with the Cyber issues at hand, in light of the extreme negligence that Hillary Clinton has shown to have, we see certain markers that weigh down on the positivity of her campaign. This might be the first election where the third party had a decent shot of winning, isn’t it a shame that Reverend Jesse Jackson wasn’t running? I reckon that unlike 1984 and 1988, he actually would have had a chance this time around, when we are brooding on which of the two is the lesser of two evils, the third player o gets be an actual contender #ThatsJustMe, wasn’t it funny that he of all people that showed up in Detroit yesterday after which he praised Donald Trump for his commitment of Diversity. Although from the news we have seen, I have to wonder if ‘diversity’ was about the sizes and shapes of breasts. I just had to get that of my chest, #Pardonemoi.

In all this, the media themselves are also a worry as they are pushing the people with outdated information. An example is the Business Insider only 2 hours ago. The article (at http://www.businessinsider.com.au/hillary-clinton-new-emails-found-fbi-2016-11), gives us “The FBI says it found new emails related to Hillary Clinton’s time as secretary of state, CBS News reported on Thursday. It is not known whether the emails are relevant to a case involving Clinton’s private email server, the network said, but the messages do not appear to be duplicates of emails the agency has already reviewed, according to an unnamed US official cited by CBS News“, the article was given the date and identity ‘Bryan Logan Nov 4th, 2016, 11:12 AM‘, yet when we look at the CBS article “In a letter to Congress last Friday, FBI Director James Comey indicated that the agency was taking steps to review newly discovered emails relating to Clinton’s private email server. Those emails came from the laptop of Weiner, a former New York congressman“, which was what I reported on 5 days ago, which came from CNBC on October 29th. So, as the Business Insider is intentionally misinforming the people. So, can we agree that the Media could now be regarded as ‘tempering’ with elections by misinforming the public? Even as we see these events evolve, we need to take heed that Donald Trump is the kind of man that large media corporations do not mind to be indebted to. Because his next crazy idea that pays off, these people will be knocking for exclusives, so when you think that you are getting informed, think again! The article never ‘lies’, it just trivialises older news and gives only part of the complete timestamp on other sides, leaving us with the message that Hillary Clinton has more eventful issues, instead of us getting the correct information that Business Insider is just rehashing old news, to get a few more cycles out of it. How is that not tempering with the view of the voters?

 

Leave a comment

Filed under Media, Politics