Tag Archives: DHS

The incompetent view

I’ll admit, there are other things to write about, yet this is a larger issue than anyone thinks it is. The previous writers did not ponder the questions that were adamant, and Stephanie Kirchgaessner follows suit (at https://www.theguardian.com/us-news/2020/jan/27/nsa-faces-questions-over-security-of-trump-officials-after-alleged-bezos-hack) when we consider that the focus here is the NSA in ‘NSA faces questions over security of Trump officials after alleged Bezos hack‘. You see, it is not merely the fact that they got the stage wrong, it is the fact that everyone is looking at the stage, whilst the orchestra is missing, so how about that part of the equation and that leads to very uncomfortable question towards WHY the US is tailing on 5G and why it is trying to tailgate into the 5G room. They forgot what real innovation is and Saudi Arabia is seemingly passing them by, a nation that has forever been seen as a technological third world is surpassing the US and it is upsetting more and more people.

The US National Security Agency is facing questions about the security of top Trump administration officials’ communications following last week’s allegations that the Saudi crown prince may have had a hand in the alleged hack of Jeff Bezos“, with this the article opens and basically nothing wrong is stated here, yet when seen in the light of the byline which was “Democratic lawmaker asks agency if it is confident the Saudi government has not sought to hack US officials“, as such it becomes an issue. first off, the question is not wrong, because the US administration has a duty to seek the safety of communications for its coworkers (senators and such), yet in all this, it does become a little more clear when we see “Ron Wyden, a senior Democratic lawmaker, asked the director of the NSA whether he was confident that the Saudi government had not also sought to hack senior US government officials“. You see in the first, Saudi intentional involvement was NEVER established, moreover, the report (I looked at that last week) has several hiatus of a rather large kind, as such the formulation by this 70 year old person is quite the other issue. 

It is my personal conviction that a Fortune 100 company should consider the danger they open themselves up to when letting cyber issues be investigated by FTI Consulting. The entire matter of how infection was obtained (if it was infection), and that the entire matter was instigated by any third party who had gained access to the phone of Jeff Bezos, and in all this enough doubt was raised who got access and more importantly that there was no evidence that this was ANY Saudi official, as such the short sighted “whether he was confident that the Saudi government had not also sought to hack senior US government officials” by a 70 year old who shows issues of lack of critical thinking, no matter what which school he went to when he was half a century younger.

And again we see the reference towards “The senator from Oregon is separately seeking to force the Trump administration to officially release the intelligence it collected on the murder of Jamal Khashoggi, the Washington Post journalist who was killed in a state-sponsored murder in October 2018“, which is another flaw as there was never any clear evidence that anyone in Turkey was “killed in a state-sponsored murder in October 2018“, more importantly, the French UN Essay writer who was seemingly involved in both reports is showing a lack of critical thinking all by herself.

All this whilst Paul Nakasone (director NSA) is confronted with “was believed to have been the victim of a hack that was instigated after he allegedly received a WhatsApp message from the account of Crown Prince Mohammed bin Salman“, the problem is twofold, in the first I personally see the report by FTI Consulting as a hack job, not a job on a hack. There are several sides that give doubt on infection source and moreover there is additional lack of evidence that the source was a Saudi one. More importantly other sources gave away issues on WhatsApp some time overlapping the event, exploits that made it into the press from all sides giving the weakness that any unnamed party could have played to be a Saudi delivery whilst the file was not from that delivery point. Issues that were out in the open and the report gives that FTI Consulting ignored them. It could read that a certain French Essay writer stated ‘I Have a Saudi official and an American phone, find me a link, any link‘, I am not stating that this happened, but it feels like that was the FTI Consulting case. When was the last time you saw an intentional perversion of justice and truth?

And when we see: “The issue is now the subject of an investigation by two independent UN investigators“, we see an almost completed path. When we see all this lets take a step back and consider. 

  1. An American Civilian had his mobile allegedly (and optionally proven) hacked.
  2. The hacker is not found, the one accused cannot be proven (at present) to be the hacker.
  3. This ends up with the UN?

And I am not alone here. Three days ago (after my initial findings) I see (at https://edition.cnn.com/2020/01/24/tech/bezos-hacking-report-analysts/index.html) the headline ‘Bezos hacking report leaves cybersecurity experts with doubts‘, there we see “independent security experts, some of whom say the evidence isn’t strong enough to reach a firm conclusion” as well as “several high-profile and respected researchers, highlights the limits of a report produced by FTI Consulting, the company Bezos hired to investigate the matter“, so basically, the hair lacking CEO, who owns the Washington Post (where Khashoggi used to work) is allegedly hacked, he seemingly hires FTI Consulting on what I personally believe to be a hack job on hacking phones and the UN is using that biased piece of work to slam Saudi Arabia? Did I miss anything?

Yes, I did, the quote “The report suggested the incident bore hallmarks of sophisticated hacking software“, the problem here is that there is no way to see WHERE IT CAME FROM. Yet other sources give out several pieces on WhatsApp and how other sources could have a free go at infesting people. All whilst we also see “the paper revealed a lack of sophistication that could have been addressed by specialized mobile forensics experts, or law enforcement officials with access to premium tools“, all this whilst the entire setting went around the existence of cyber divisions. There is a link Jeff Bezos – Amazon – FTI Consulting – United Nations. At no point in this do we see any police department, or the FBI, why is that?

As such when we see “A key shortcoming of the analysis, Edwards said, was that it relied on a restricted set of content obtained from Bezos’s iTunes backup. A deeper analysis, she said, would have collected detailed records from the iPhone’s underlying operating and file systems. Other security experts characterized the evidence in the report as inconclusive“, I would state that this is merely the beginning.

Rob Graham (CEO Errata security) gives us “It contains much that says ‘anomalies we don’t understand,’ but lack of explanations point to incomplete forensics, not malicious APT actors” and Alex Stamos, the former chief information security officer at Facebook and a Stanford University professor gives us “Lots of odd circumstantial evidence, for sure, but no smoking gun“, in all this the extreme geriatric Ron Wyden (Oregon) is asking questions from the NSA with the text “asked the director of the NSA whether he was confident that the Saudi government had not also sought to hack senior US government officials” with the emphasis on ‘also‘, a stage that is not proven, and more importantly is almost redundant in the hack job we got to read about. As such I am not surprised to see “FTI Consulting declined to comment“, I wonder why?

It is even more fun to see the CNN article have the stage where we see “a research group at the University of Toronto, offered a suggestion that could allow investigators to gain access to encrypted information that FTI said it could not unlock“, as such we see that there are skill levels missing in FTI, for the simple reason that this report was allowed to leave the hands of FTI Consulting, a Firm that is proudly advertising that they have 49 of the Global 100 companies that are clients. If I had anything to say about it, those 49 companies might have more issues down the road than they are ready for, especially as they have over 530 senior managing directors and none of them stopeed that flimsy report making it to the outside world. I would personally set a question mark to the claim of them being advisor to 96 of the world’s top 100 law firms. I would not be surprised if I could punch holes in more cases that FTI Consulting set advice to, in light of the Bezos report, it might not be too hard a stage to do.

CNN also has a few critical points that cannot be ignored. With “The report’s limited results are a reminder that it can be extremely challenging to reconstruct the activities of a determined, well-resourced hacker, said Kenneth White, a security engineer and former adviser to the Defense Department and Department of Homeland Security“, I do not disagree with that, but the stage where WhatsApp had a much larger problem, is a given, and the report does not bring that up for one moment, that report was all about painting one party whilst the reality of the stage was that there was an open floor on how it was done, yet the report silenced all avenues there. In addition, Chris Vickery (Director UpGuard) gives us “other evidence provided by FTI increased his confidence that Bezos was being digitally surveilled“. that is not in question, core information directs that way, yet the fact that it was a Saudi event cannot be proven, not whilst Jeff Bezos is around hundreds of people in most moments of the day, that part is the larger setting and FTI Consulting knowingly skated around the subject, almost as it was instructed to do so.

One expert who wanted to remain anonymous gave us all “There’s an absurd amount of Monday morning quarterbacking going on” as well as “This isn’t a movie — things don’t proceed in a perfect, clean way. It’s messy, and decisions are made the way they’re made“, that expert is not wrong, and he/she has a point, yet the foundation of the report shows a massive lack in critical thinking whilst the report relies in its text on footnotes (as one would) yet on page 3, the text is “Al Qahtani eventually purchased 20 percent ownership in Hacking Team, apparantly acquired on behalf of the Saudi government. 8

all whilst footnote 8 gives us “https://www.vice.com/en_us/article/8xvzyp/hacking-team-investor-saudi-arabia” so not only does the FTI Consulting Job rely on ‘apparantly‘, the article gives in the first paragraph “Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see” as such we see ‘spyware source code leaked online for anyone to see‘, how did FTI Consulting miss this? That and the WhatsApp issue in that same year opens up the optional pool of transgressors to all non state hackers with considerable knowledge, as such the amount of transgressors ups to thousands of hackers (globally speaking). 

FTI Consulting missed that! and it missed a lot more. The article also sets a link to David Vincenzetti and for some reason he is not even looked at, there is no stage in the FTI report that his input was sought out, which in light of all this is equally puzzling. He might not have had anything to report, or perhaps he had enough to report taking the focal point away from Saudi players, we will never know, the joke (read: report) is out in the open in all its glory on limitation. 

In light of all this, did the question by Ron Wyden to the NSA make sense? As far as I can see, I see several points of incompetance and that has nothing to do with the one expert stating that this is a messy, the entire setting was optionally incompetent and for certain massively incomplete. 

More importantly, the last paragraphs has more funny parts than a two hour show by Jimmy Carr. The quote is “Anyone who has had communication with either MBS or his brother Khaled should assume their phone is hacked. Congress needs to get answers from NSA on what it knew about the hack of Bezos phone, when it knew it, and what it has done to stop Saudi criminal hacking behavior” and it comes from CIA analyst Bruce Riedel. Now, the quote is fine, but the hilarious part is how it was phrased (expertly done). Lets go over it in my (super subtle) way: “Anyone who has had communication with either MBS or his brother Khaled should assume their phone is hacked by Saudi, US or Iranian officials. Congress needs to get answers from NSA for a change on a matter that they were never consulted on whilst the report ended up with the UN on what it knew about the hack of Bezos phone, a person who has a few billion and a lack of hair but beyond that has no meaning to the US economy, he keeps all his gotten gains, when it knew when the phone of a civilian was allegedly hacked and, and what it has done to stop Saudi criminal hacking behavior which is not proven at present other than by people who have something to gain from seeing the Saudi’s as the bad party (like Iran), all in a report that is lacking all levels of clarity and proper investigation“, this is an important setting here. Just like the disappearance of a Saudi columnist writing for the Washington Post (another Jeff Bezos affiliate), we do not proclaim Saudi Arabia being innocent, merely that the lack of evidence does not make them guilty, in the present the hacking issue does not make Saudi Arabia guilty, the irresponsible version of the FTI Consulting report shows a massive lack of evidence that makes any Saudi Arabian party more likely than not innocent of all this and as both reports have one UN Female French Essay writer in common, it is more and more like a smear campaign than an actual event to find out what actually happened. Who signed up for that? I wonder if the NSA did, I feel decently certain that until they get all the actual evidence that they do not want to get involved with political painting, their left foot is busy keeping them standing up in a world of hunkered and crouched idiots.

Yet that is just my simple personal view on the matter.

 

Leave a comment

Filed under IT, Media, Military, Politics

That’s the way the money flows

The Independent had an interesting article 2 hours ago. The article (at https://www.independent.co.uk/news/world/americas/china-drones-spy-us-dhs-security-data-alert-a8922706.html). The title leaves little to the imagination with: ‘Chinese drones may be stealing sensitive information, DHS warns‘, after the Trump google play, after his refusal to submit to subpoena’s, after the anti Huawei activities that so far has never yielded any active evidence (the 8 year old case was settled within months are done with). Now we see: “Chinese-made drones in America may be sending sensitive data to their manufacturers back home where it can be accessed by the government, the United States Department of Homeland Security (DHS) has warned“, which might be a nightmare if it was not so hilarious. You see the next quote: “CNN, which obtained the internal alert, reported that the DHS fears drones will offer Chinese intelligence unfettered access to American data“, it comes across like we have a case where a CNN reporter has been hit by a silly stick and never recovered. Consider the drones we see, there is no space to have a dedicated hack system on board. Yes some can be done with a mobile, and there is plenty of space in that device, now consider the ‘sensitive’ data that needs to be found, the data needs to be connected to (and with all these faulty Cisco routers that is relatively easy at present), then a selection needs to be downloaded and that is merely for one place, one device. All this stops when any person uses common cyber sense. It is the revelation that we see next, that is the one that matters. With: “Though the alert didn’t name specific companies, the vast majority of drones used in the US and Canada are made by the Shenzen based Company, DJI, CNN reported” we see the part that matters. As drone services are up on an almost exponential growth as we see the push that got there. The news from November 2016 gave us: “Domino’s Pizza Enterprises Limited (Domino’s) and drone delivery partner Flirtey delivered the first order, a Peri-Peri Chicken Pizza, and a Chicken and Cranberry Pizza“. Consider the option to avoid traffic in New York, Los Angeles, San Francisco, Boston, Chicago, Seattle, Pittsburgh, all places with massive congestion. Drones are the optionally the newest quick way to deliver food, Amazon needs, Walmart needs, all in growing need due to the events where retailers and shippers combine forces to avoid a few items, and with congestion set to zero, people will flock to that consideration. Now the operational part, it seems that DJI is ahead of the curve, another Chinese company decided to truly innovate and now that the push is there and America is bankrupt (as I personally see it) anything possible to avoid money going to China, America is taking a pot shot at that. So when we are also treated to: “A spokesman for DJI denied that any information was being transmitted to it from its drones, adding that the security of its technology has been independently verified by the US government.” I start wondering if DHS was able to do its job properly. Now let’s be clear, there is no doubt that ANY drone can be used for espionage, especially if it is quiet enough. Yet is that the issue for DJI, or is that an issue with the spy that utilises drone technology? Yet that is actually not the only side, on the other side we see mentioned: “Those concerns apply with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support national intelligence activities,” Now, this part does make sense. It is the same as the Apple Fitbit, that due to its global nature started to hand out the jogging patterns of Special forces in the Middle East, so within 3 days several members of the two dozen operatives had a check on their calorie burning and health, whilst the mapping data showed the world where the CIA black site was (oh apologies, I meant to say a military specialist endeavouring location of an undetermined nature). The question becomes how was the ‘the security of its technology has been independently verified by the US government‘ achieved? Was that verification process competent, or perhaps slightly less so?

I am not stating my verdict in either direction; yet the entire Huawei mess, as well as the DJI setting implies that the growth industries are shunned from America, mainly because it is not an American industry. Yet in all this, the forget that places like the EU and India are large enough to go forward with both players and truly grow further, whilst the downturn and the economic lag that the US is creating will merely grow the loss of momentum and the recession it will fuel in other ways. I would consider that the setback that Google is trying to create will have larger repercussions down the road. As larger Data vendors will now optionally choose the Chinese side, they will grow market share. You see no matter how it is sliced, all this is data based and data can only grow if there is usage. So when people remain with Huawei as their phone keeps on working, we see that there is a larger concern soon enough. At some point people will stop trusting Samsung, Google and Apple phones, which works out nicely for several players (Microsoft actually more than most), what do you think happens when the larger share of 14.7% of a global market changes to player three and not use Google apps to some degree? Google momentum relies on non-stop data and usage, when a third of the 60% that these three cover stops, do you think that this has no impact for Google?

The same applies to drones. You see intelligence makes the drone and as it grows its market share and the collected data of drone usage is set, the innovation of DJI grows faster. It is the difference between generation now and generation 2022, DJI will grow and can grow in several directions, yet the entire the setting of ‘data theft’ we see that there is a lack of ‘what’ data. What data is collected, the flight path? Well, I think we all need to know in 2023 what flight path was taken for the delivery of 342,450 pizza’s delivered per hour, is it not? It is not that Google Map has that data, and within a building in New York, is there truly a clear sign in the drone itself who exactly the merchandise was for, or was that on the box (instead of the drone). Now, there is no denying that some of that data would optionally be accessible to the Chinese government? Yet what data, what level of data? Do you think that they have time for the hundreds of drones and the data whilst they can monitor 20,000 times that data with a spy satellite (and an additional truckload of data that the drone never had in the first place?

It is when I see ‘unfettered access to American data‘ where the questions become pressing. It is like watching Colin Powell coming into a non-disclosed location with his silver briefcase and in the end the lack of WMD’s, are we going in that direction again? when I see ‘unfettered access to American data‘, it is at that moment I see the optional comparison (an extreme lose comparison mind you) with the innocent preachers daughter who did the naughty thing to 30% of the boys coming to Sunday sermon, having attempted things I cannot even rent on adult video. It is the CNN article (at https://edition.cnn.com/2019/05/20/politics/dhs-chinese-drone-warning/index.html) that gives additional rise to concerns. When you see: “Users are warned to “be cautious when purchasing” drones from China, and to take precautionary steps like turning off the device’s internet connection and removing secure digital cards. The alert also warns users to “understand how to properly operate and limit your device’s access to networks” to avoid “theft of information.”” It seems to me that there are dozens of ways to get this data, a drone seems like an expensive long way round-trip to get to that data, whilst more can be accessed in several other ways and it is the speculation through ‘device’s internet connection‘, so when we see one of these devices (at https://www.dji.com/au/phantom-4-pro-v2/info#specs), we are treated to: “The new Phantom 4 Pro V2.0 features an OcuSync HD transmission system, which supports automatic dual-frequency band switching and connects to DJI Goggles wirelessly“, where did the internet come in? Yes there is an app, to get a live view from the drone, so what ‘unfettered access to American data‘ could there be that Google Maps at present does not have in more detail?

It is the next part that is the actual ace. When we see: “DJI, which reported $2.7 billion in revenue in 2017, is best known for its popular Phantom drone. Introduced in 2013, the drone is the top-selling commercial drone on the market“, information the Independent did not give us, that is the actual stage as I personally see it. It was $2.7 billion in 2017, there is no doubt that when drone delivery truly takes off, at that point revenue that sits between $15 and $27 billion is not unrealistic, the dire need to avoid congestion on a global scale will drive it and that is before you realise the non-US benefits in London, Amsterdam, Paris, Berlin, Munich, Madrid, Barcelona, Rome, Athens, Moscow. At that point you will see stronger growth and I haven’t even looked at the opportunities in a place like Mumbai, Tokyo, Delhi, Bangkok, Rio, Buenos Aires and Sydney yet. Everything leaves me with the impression that this is not about security, it is about money. That fact can be proven when you realise that everyone remains silent on the 29 new vulnerabilities that Cisco reported merely a month ago. How many Cisco router stories have come from that non-technologically refined White House, where they are currently optionally limited by “Cisco routers, including ones that can be found in malls, large companies or government institutions, are flawed in a way that allows hackers to steal all of the data flowing through them“, the cybersecurity company Red Baron handed out that issue to the media last week, so who picked up on that danger to ‘unfettered access to American data‘? And when you consider ‘it allows potential malicious actors to bypass the router’s security feature, Trust Anchor. This feature has been standard in Cisco’s routers since 2013‘, when we realise that Cisco is a household name on a global scale (especially when connected to the internet), the entire Cisco matter seems to be at least 15,000 times worse than any DJI drone ever could be, and the fact that DHS remains silent on that gives (again, as I personally see it) is added proof that this is merely about the money and the fact that US companies are losing markets on a global scale.

I could set the stage by singing ‘All ‘Bout the money‘ by Meja and ‘That’s the way the money goes‘ by M, but then, I realise that people would most likely pay me serious money not to sing (my voice is actually that bad).

That’s the way the money flows, specifically at present in a direction that the US is for the foreseeable future most displeased about.

 

1 Comment

Filed under Finance, IT, Media, Military, Science

Telstra, NATO and the USA

There are three events happening, three events that made the limelight. Only two seem to have a clear connection, yet that is not true, they all link, although not in the way you might think.

Telstra Calling

The Guardian (at https://www.theguardian.com/business/2018/jun/20/telstra-to-cut-8000-jobs-in-major-restructure) starts with ‘Telstra to cut 8,000 jobs in major restructure‘. Larger players will restructure in one way or another at some point, and it seems that Telstra is going through the same phase my old company went through 20 years ago. The reason is simple and even as it is not stated as such, it boils down to a simple ‘too many captains on one ship‘. So cut the chaff and go on. It also means that Telstra would be able to hire a much stronger customer service and customer support division. Basically, it can cut the overhead and they can proclaim that they worked on the ‘costing’ side of the corporation. It is one way to think. Yet when we see: “It plans to split its infrastructure assets into a new wholly owned business unit in preparation for a potential demerger, or the entry of a strategic investor, in a post-national broadband network rollout world. The new business unit will be called InfraCo“. That is not a reorganisation that is pushing the bad debts and bad mortgages out of the corporation and let it (optionally) collapse. The congestion of the NBN alone warrants such a move, but in reality, the entire NBN mess was delayed for half a decade, whilst relying on technology from the previous generation. With 5G coming closer and closer Telstra needs to make moves and set new goals, it cannot do that without a much better customer service and a decently sized customer support division, from there on the consultants will be highly needed, so the new hiring spree will come at some stage. The ARNnet quote from last month: “Shares of Australia’s largest telco operator Telstra (ASX:TLS) tumbled to their lowest in nearly seven years on 22 May, after the firm was hit by a second major mobile network service outage in the space of a month“, does not come close to the havoc they face, it is not often where one party pisses off the shareholders, the stakeholders and the advertisers in one go, but Telstra pulled it off!

A mere software fault was blamed. This implies that the testing and Q&A stage has issues too, if there is going to be a Telstra 5G, that is not a message you want to broadcast. The problem is that even as some say that Telstra is beginning to roll out 5G now, we am afraid that those people are about to be less happy soon thereafter. You see, Telstra did this before with 4G, which was basically 3.5G, now we see the Business Insider give us ‘Telstra will roll out 2Gbps speeds across Australian CBDs within months‘, but 2Gbps and 10Gbps are not the same, one is merely 20%, so there! Oh, and in case you forgot the previous part. It was news in 2011 when ABC gave us (at http://www.abc.net.au/technology/articles/2011/09/28/3327530.htm) “It’s worth pointing out that that what Telstra is calling 4G isn’t 4G at all. What Telstra has deployed is 1800MHz LTE or 3GPP LTE that at a specification level should cap out at a download speed of 100Mb/s and upload speed of 50Mbps [ed: and the public wonders why we can’t just call it 4G?]. Telstra’s sensibly not even claiming those figures, but a properly-certified solution that can actually lay claim to a 4G label should be capable of downloads at 1 gigabit per second; that’s the official 4G variant known as LTE-A. Telstra’s equipment should be upgradeable to LTE-A at a later date, but for now what it’s actually selling under a ‘4G’ label is more like 3.7-3.8G. “3.7ish G” doesn’t sound anywhere near as impressive on an advertising billboard, though, so Telstra 4G it is“, which reflects the words of Jeremy Irons in Margin Call when he states: “You can be the best, you can be first or you can cheat“. I personally think that Telstra is basically doing what they did as reported in 2011 and they will market it as ‘5G’, giving premise to two of the elements that Jeremy Irons mentioned.

This now gives a different visibility to the SMH article last week (at https://www.smh.com.au/business/companies/how-a-huawei-5g-ban-is-about-more-than-espionage-20180614-p4zlhf.html), where we see “The expected ban of controversial Chinese equipment maker Huawei from 5G mobile networks in Australia on fears of espionage reads like a plot point from a John le Carre novel. But the decision will have an impact on Australia’s $40 billion a year telecoms market – potentially hurting Telstra’s rivals“, as well as “The Sydney Morning Herald and The Age reported in March that there were serious concerns within the Turnbull government about Huawei’s potential role in 5G – a new wireless standard that could be up to 10 times as powerful as existing mobile services, and used to power internet connections for a range of consumer devices beyond phones“, you see I do not read it like that. From my point of view I see “There are fears within the inner circle of Telstra friends that Huawei who is expected to offer actual 5G capability will hurt Telstra as they are not ready to offer anything near those capabilities. The interconnectivity that 5G offers cannot be done in the currently upgradable Telstra setting of a mere 2bps, which is 20% of what is required. Leaving the Telstra customers outside of the full range of options in the IoT in the near future, which will cost them loads of bonus and income opportunities“. This gives two parts, apart from Optus getting a much larger slice of the cake, the setting is not merely that the consumers and 5G oriented business is missing out, private firms can only move forward to the speed that Telstra dictates. So who elected Telstra as techno rulers? As for the entire Huawei being “accused of spying by lawmakers in the US“, is still unfounded as up to now no actual evidence has been provided by anyone, whilst at the same speed only a week ago, the Guardian gave us ‘Apple to close iPhone security gap police use to collect evidence‘, giving a clear notion that in the US, the police and FBI were in a stage where they were “allowed to obtain personal information from locked iPhones without a password, a change that will thwart law enforcement agencies that have been exploiting the vulnerability to collect evidence in criminal investigations“, which basically states that the US were spying on US citizens and people with an iPhone all along (or at least for the longest of times). It is a smudgy setting of the pot calling the kettle a tea muffler.

The fact that we are faced with this and we prefer to be spied on through a phone 50% cheaper is not the worst idea. In the end, data will be collected, it is merely adhering to the US fears that there is a stronger setting that all the collected data is no longer in the US, but in places where the US no longer has access. That seems to be the setting we are confronted with and it has always been the setting of Malcolm Turnbull to cater to the Americans as much as possible, yet in this case, how exactly does Australia profit? I am not talking about the 37 high and mighty Telstra ‘friends’. I am talking about the 24,132,557 other Australians on this Island, what about their needs? If only to allow them than to merely get by on paying bills and buying food.

Short term and short sighted

This gets us to something only thinly related, when we see the US situation in ‘Nato chief warns over future of transatlantic relationship‘. The news (at https://www.theguardian.com/world/2018/jun/19/transatlantic-relationship-at-risk-says-nato-chief) has actually two sides, the US side and the side of NATO. NATO is worried on being able to function at all. It is levied up to the forehead in debts and if they come to fruition, and it will they all drown and that requires the 27 block nation to drastically reduce defence spending. It is already trying to tailor a European defence force which is a logistical nightmare 6 ways from Sunday and that is before many realise that the communication standards tend to be a taste of ‘very nationally’ standard and not much beyond that point. In that regard the US was clever with some of their ITT solutions in 1978-1983. Their corn flaky phones (a Kellogg joke) worked quite well and they lasted a decent amount of time. In Europe, most nations were bound to the local provider act and as such there were all kinds of issues and they all had their own little issues. So even as we read: “Since the alliance was created almost 70 years ago, the people of Europe and North America have enjoyed an unprecedented period of peace and prosperity. But, at the political level, the ties which bind us are under strain“, yup that sounds nice, but the alliances are under strain by how Wall Street thinks the funding needs to go and Defence is not their first priority, greed is in charge, plain and simple. Now, to be fair, on the US side, their long term commitment to defence spending has been over the top and the decade following September 11 2001 did not help. The spending went from 10% of GDP up to almost 20% of GDP between 2001 and 2010. It is currently at about 12%, yet this number is dangerous as the economy collapsed in 2008, so it basically went from $60 billion to $150 billion, which hampered the infrastructure to no end. In addition we get the splashing towards intelligence consultants (former employees, who got 350% more when they turned private), so that expenditure became also an issue, after that we see a whole range of data gathering solutions from the verbose (and not too user friendly) MIIDS/IDB.

In CONUS (or as you might understand more clearly the contiguous United 48 States; without Alaska and Hawaii), the US Army Forces Command (FORSCOM) Automated Intelligence Support Activity (FAISA) at Fort Bragg, NC, has access to the MIIDS and IDB by tactical users of the ASAS, and they maintain a complete copy of DIA’s MIIDS and IDB and update file transactions in order to support the tactical user. So there are two systems (actually there are more) and when we realise that the initial ASAS Block I software does not allow for direct access from ASAS to the FAISA System. So, to accomplish file transfer of MIIDS and IDB files, we are introduced to a whole range of resources to get to the data, the unit will need an intermediate host(s) on the LAN that will do the job. In most cases, support personnel will accomplish all the file transfers for the unit requesting that intel. Now consider 27 national defence forces, one European one and none of them has a clue how to get one to the other. I am willing to wager $50 that it will take less than 10 updates for data to mismatch and turn the FAISA system into a FAUDA (Arabic for chaos) storage system, with every update taking more and more time until the update surpasses the operational timeframe. That is ample and to the point as there is a growing concern to have better ties with both Israel and Saudi Arabia, what a lovely nightmare for the NSA as it receives (optionally on a daily basis) 9 updates all containing partially the same data (Army-Navy, Army-Air force, Army-Marines, Navy-Air force, Navy-Marines, Air force-Marines, DIA, DHS and Faisa HQ). Yes, that is one way to keep loads of people employed, the cleaning and vetting of data could require an additional 350 hours a day in people to get the vetting done between updates and packages. In all this we might see how it is about needing each other, yet the clarity for the US is mostly “Of the 29 Nato members, only eight, including the US and the UK, spend more than 2% of their GDP on defence, a threshold that the alliance agreed should be met by all the countries by 2024. Germany spent €37bn (£32.5bn), or 1.2% of GDP, on defence last year“, it amounts to the US dumping billions in an area where 28 members seem to have lost the ability to agree to standards and talk straight to one another (a France vs Germany pun). In all this there is a larger issue, but we will now see that in part three

Sometimes a cigar is an opportunity

you see, some saw the “‘Commie cadet’ who wore Che Guevara T-shirt kicked out of US army” as an issue instead of an opportunity. The article (at https://www.theguardian.com/us-news/2018/jun/19/west-point-commie-cadet-us-army-socialist-views-red-flags) gives light to some sides, but not to the option that the US basically threw out of the window. You see the Bill of rights, a mere piece of parchment that got doodled in 1789 offering things like ‘freedom to join a political party‘, as we see the setting at present. The issue as I see it is the overwhelming hatred of Russia that is in play. Instead of sacking the man, the US had an opportunity to use him to see if a dialogue with Cuba could grow into something stronger and better over time. It might work, it might not, but at least there is one person who had the option to be the messenger between Cuba and the US and that went out of the window in a heartbeat. So when we see: “Spenser Rapone said an investigation found he went online to advocate for a socialist revolution and disparage high-ranking officers and US officials. The army said in a statement only that it conducted a full investigation and “appropriate action was taken”“. Was there a full investigation? To set this in a proper light, we need to look at NBC (at https://www.nbcnews.com/news/us-news/sexual-assault-reports-u-s-military-reach-record-high-pentagon-n753566), where we see: “Service members reported 6,172 cases of sexual assault in 2016 compared to 6,082 last year, an annual military report showed. This was a sharp jump from 2012 when 3,604 cases were reported“, we all should realise that the US defence forces have issues, a few a hell of a lot bigger than a person with a Che Guevara T-Shirt. So when we ask for the full investigations reports of 6172 cases, how many have been really investigated, or prosecuted on? NBC reported that “58 percent of victims experienced reprisals or retaliation for reporting sexual assault“, so how exactly were issues resolved?

Here we see the three events come together. There is a flawed mindset at work, it is flawed through what some might call deceptive conduct. We seem to labels and when it backfires we tend to see messages like ‘there were miscommunications hampering the issues at hand‘, standards that cannot be agreed on, or after there was an agreement the individual players decide to upgrade their national documents and hinder progress. How is that ever going to resolve issues? In all this greed and political needs seem to hinder other avenues though players that should not even be allowed to have a choice in the matter. It is the setting where for close to decades the politicians have painted themselves into a corner and are no longer able to function until a complete overhaul is made and that is the problem, a solution like that costs a serious amount of funds, funds that are not available, not in the US and not in Europe. The defence spending that cannot happen, the technology that is not what is specified and marketing will merely label it into something that it is not, because it is easier to sell that way. A failing on more than one level and by the time we are all up to speed, the others (read: Huawei) passed us by because they remained on the ball towards the required goal.

So as we are treated to: “A parliamentary hearing in Sydney got an extra touch of spice yesterday, after the chief executive of NBN Co appeared to finger one group of users supposedly responsible for congestion on NBN’s fixed wireless network: gamers“, whilst the direct setting given is “Online gaming requires hardly any bandwidth ~10+ megabytes per hour. A 720p video file requires ~ 500+ megabytes per hour. One user watching a YouTube video occupies the same bandwidth as ~50 video gamers“, we can argue who is correct, yet we forgot about option 3. As was stated last week we see that the largest two users of online games were Counterstrike (250MB/hour) add Destiny 2 (300 MB/hour), whilst the smallest TV watcher ABC iView used the same as Destiny 2, the rest a multitude of that, with Netflix 4K using up to 1000% of what gamers used (in addition to the fact that there are now well over 7.5 million Netflix users, whilst the usage implies that to be on par, we need 75 million gamers, three times the Australian population). Perhaps it is not the gamers, but a system that was badly designed from the start. Political interference in technology has been a detrimental setting in the US, Europe and Australia as well, the fact that politicians decide on ‘what is safe‘ is a larger issue when you put the issues next to one another. If we openly demand that the US reveal the security danger that Huawei is according to them, will they remain silent and let a ‘prominent friend‘ of Telstra speak?

When we look one tier deeper into NATO, they themselves become the source (at https://www.nato-pa.int/document/2018-defence-innovation-capitalising-natos-science-and-technology-base-draft-report) with: ‘Capitalising on Nato’s Science and Technology Base‘. Here we see on page 5: “In an Alliance of sovereign states, the primary responsibility to maintain a robust defence S&T base and to discover, develop and adopt cutting-edge defence technologies lies with NATO member states themselves. Part of the answer lies in sufficient defence S&T and R&D budgets“. It is the part where we see: ‘adopt cutting-edge defence technologies lies with NATO member states themselves‘ as well as ‘sufficient defence S&T and R&D budgets‘. You introduce me to a person that shows a clear partnership between the needs of Philips (Netherlands) and Siemens (Germany) and I will introduce you to a person who is knowingly miscommunicating the hell out of the issue. You only need to see the 2016 financial assessment: “After divesting most of its former businesses, Philips today has a unique portfolio around healthy lifestyle and hospital solutions. Unlike competitors like GE Healthcare and Siemens Healthineers, the company covers the entire health continuum” and that is merely one field.

Rubber Duck closing in on small Destroyer.

In that consider a military equivalent. The 5th best registered CIWS solution called MK15 Phalanx (US), the 3rd position is for the Dutch Goalkeeper (Thales Netherlands) and the 2nd best CIWS solution comes from the US with the Raytheon SeaRAM. Now we would expect every nationality would have its own solution, yet we see the SeaRAM was only adopted by Germany, why is it not found in the French, Italian, Spanish and Canadian navy? Belgium has the valid excuse that the system is too large for their RIB and Dinghy fleet, but they are alone there. If there is to be true connectivity and shared values, why is this not a much better and better set partnership? Now, I get that the Dutch are a proud of their solution, yet in that entire top list of CIWS systems, a larger group of NATO members have nothing to that degree at all. So is capitalising in the title of the NATO paper actually set to ‘gain advantage from‘, or is it ‘provide (someone) with capital‘? Both are options and the outcome as well as the viability of the situation depending on which path you take. So are the Australians losing advantage from Telstra over Huawei, or are some people gaining huge lifestyle upgrades as Huawei is directed to no longer be an option?

I will let you decide, but the settings are pushing all boundaries and overall the people tend to not benefit, unless you work for the right part of Palantir inc, at which point your income could double between now and 2021.

 

2018 – DEFENCE INNOVATION – ALLESLEV DRAFT REPORT – 078 STC 18 E

2 Comments

Filed under Finance, Gaming, IT, Media, Military, Politics, Science

In speculated anticipation

This is on a matter that is slippery like a promiscuous nymphomaniac lady contemplating monogamy. In a world where any person next to you could be a pimp, a whore or merely psychotic. Welcome to the cold war! Merely a few hours ago, the Guardian gave us ‘Obama orders sanctions on Russia after campaign hacking during US election’ (at https://www.theguardian.com/us-news/2016/dec/29/barack-obama-sanctions-russia-election-hack). Now, we have known the CIA and other parties to be blatantly incorrect when it came to Sony and North Korea. Yet, here in this case, there are a few elements in play where it is indeed more likely than not that if there was real interference that Russia would have been guilty, involved or at the very least privy to the events. In this China is a lot less likely, because as business deals go, they are a lot better of with the Ignorance of former State Secretary Hillary Clinton, than they will ever be with President elect Donald Trump, so as the calling of garden grooming spades, the one turning the soil is overly likely to be the Russian side.

There was an earlier article referred to in this one, where we see: “He dodged whether Putin personally directed the operations but pointedly noted “not much happens in Russia without Vladimir Putin”“, which is actually incorrect. You see, and President Barack Obama know this to be an absolute truth is that deniability is essential in some operations. Yet, in this even as President Vladimir Putin would have been kept in the dark (likely by his own request), it is less likely that Sergey Kuzhugetovich Shoygu is involved, yet if the GRU was involved than Igor Korobov would know for sure. You see, the FSB is the second option, yet for those who have seen some of the reports that Darknet has regarding investigative journalist Andrei Soldatov gives at some parts the inclination that the FSB funding on more advanced cyber actions was lacking making the GRU the opponent of choice. This comes with the assumption from my side that less advanced equipment would have given US cyber sides a lot more data to show earlier that Russia was intervening with the elections. The reports of a group called Fancy Bear gives way to the technology they get access to and the places they can access them at. There is another piece that I have not been able to confirm, it is speculative and even as it gives base to giggles of all matters, it remains a speculation. It is said that Fancy Bear operatives have been able to work from North Stockholm, if so, they might have accessed the IBM backbone there, which has a massive amount of data pushing power. Giving way that the US gave powers to enable hacking of the US election system, live is just too cynical at times.

Another quote is also linked to this, but not from the cyber point of view. “Obama repeatedly weighed in on what he saw as increased polarization in the United States. “Over a third of Republican voters approve of Vladimir Putin, the former head of the KGB. Ronald Reagan would roll over in his grave. How did that happen?”“, in that my response would be ‘Well Mr President, if you had gotten of your ass and actually do things instead of politicising things. If you would have actually kept a budget and not push the US into 20 trillion of national debt people might be less on the fence for the other side, right?‘ There will be no reply because not only as this administration been close to useless, the actions of the last few days where the new electorate gets an agenda pushed down its throat where a clear cooperation with terrorist organisations is seen is plenty of food for thought, yet that rave needs to seize as it does not completely apply to the case at hand!

There are however other matters for concern “In a conference call with reporters, senior White House officials said its actions were a necessary response to “very disturbing Russian threats to US national security”“, which beckons three things:

1. Why was it a conference call and not on every video or a live presentation?
2. Wow long has this been actually known?
3. Where is the actual evidence?

Like Sony, like other parts, the press wants to see evidence and NONE has been presented. No station, as far as I have been able to tell has shown any schematic on how the election could have been tampered with evidence. There are hundreds of anti-Clinton and anti-Trump conspiracy theorist videos, yet none form any reputable news channel. Which also now gives voice to the thought whether the US intelligence branch in this administration has been the biggest joke ever (North Korean accusations et al).

Still in all this, the US is pushing for a cold war, which might not be the worst thing, yet as the US is to be regarded as bankrupt, the upgrades that will involve a data centre and 4-6 billion in equipment and resources is something there will be no room for any day soon.

So what is this about? Is this about the Democrats being really sore losers? I am not sure what to think, yet the entire approach via conference calls, no presentation of evidence, there are a few too many issues here. In addition, if there was evidence, do you not think that President Obama would present it, to show at least that he is capable of publicly smiting President Putin? Let’s face it, he does need to brownie points. Yet, in light of some evidence not shown, the actions at the 11th hour, are they a sign that the Democratic Party will be relying on act that some could regard as Malfeasance in office? Of course these people will not need to give a second thought as they will be removed from office in a few weeks, yet to leave open the next public officials to added pressures to clean up not just their last 8 years of action, but in addition acts of impeding elected officials could have long term consequences. Let’s not forget that the Republican Party starts with both a Republican Senate and Congress, as well as their guy in the White House, so if the Democratic Party wants anything to happen, being nice is pretty much their only option.

In addition, when we look at the US recount (at https://www.theguardian.com/us-news/2016/dec/28/election-recount-hacking-voting-machines), we see first off ‘US recounts find no evidence of hacking in Trump win but reveal vulnerabilities‘, in addition we see “In Wisconsin, the only state where the recount was finished, Trump’s victory increased by 131 votes, while in Michigan, where 22 of 83 counties had a full or partial recount, incomplete data suggests was a net change of 1,651 votes, “but no evidence of an attack”“, which is not amounting to evidence in total, we do see that two places were not intervened with, still the system is setting the pace that there are future concerns. The message ““We didn’t conclude that hacking didn’t happen,” he told the Guardian, but “based on the little evidence we have, it is less likely that hacking influenced the outcome of the election” does clearly state that hacking did not happen, it is given with some clarity that any hacking if it happened, that the outcome was not influenced by hacking. This now gives rising concerns to James Comey and what is happening on his watch. More important, the responses that the Guardian had (at https://www.theguardian.com/technology/2016/dec/29/fbi-dhs-russian-hacking-report) where we see “The report was criticized by security experts, who said it lacked depth and came too late” as well as “Jonathan Zdziarski, a highly regarded security researcher, compared the joint action report to a child’s activity center“, which is not the first time we see it. More important is the quote “Tom Killalea, former vice-president of security at Amazon and a Capital One board member, wrote: “Russian attack on DNC similar to so many other attacks in past 15yrs. Big question: Why such poor incident response?”” is exactly the issue I had in the initial minute of the information being read by me and that is not the only part of it. The fact that the involved parties seem to be lacking more and more in advising actions as well as a clear cyber security pathway (the Clinton private mail server issues) that is correctly enforced and checked upon. The utter lack of proper ‘Common Cyber Sense‘ as seen for close to a decade at present all over official and governmental US is cause for a large amount of problems, yet the amount of evidence produced that there actually was Russian Cyber actions into changing the election results have not been brought and was brought was done in a very unconvincing way, in a way that top people had deniability of involvement in fingering the Russians. The PDF reads like something less serious in a few ways. You see, the techniques described are not wrong, but it leaves it open to who was the participating party. It could have been mere private hackers, the Russian Mafia is also a cyber-player. The fact that alleged actions from summer 2015 are only now coming into the light.  Is that not equally strange? By the way, the fact that Russian intelligence would try to ‘visit’ the files of the US Democratic Party is not that weird. Is there any indication that NSA, GCHQ and ANSSI would not have been accessing (or trying to) the United Russian party servers for intelligence is equally silly! Neither shows intent to influence an election. Let’s face it, Benghazi was a large enough mess to sway the vote in the first place and US insiders were all too happy to leak information, the Russian merely had to sit back, laugh and drink Vodka. In addition, the fact that malware was on the systems in not in question, it happens too often in too many places, yet clear evidence that APT28 or APT29 were the culprits implies router information, router data and clear information on when EXACTLY is happened (summer 2015 is a little too wide). More important, this also implies that proper malware defence was NEVER in place, so how shallow do these people want to get?

From page 8 we start seeing the true ability of the intelligence to envelope themselves into the realm of comedy. Items like ‘Update and patch production servers regularly‘ and ‘Use and configure available firewalls to block attacks‘ as well as ‘Perform regular audits of transaction logs for suspicious activity‘, these events should have been taking place for a long time, the fact that registered events from 2015 and now show that these mitigation elements are mentioned imply the fact that IT reorganisation has been essential is a larger issue and heavy on comedy if that has been absent for 2+ years. I think negligence becomes a topic of discussion at that point. The least stated on ‘Permissions, Privileges, and Access Controls‘ the better, especially if they haven’t been in place. So in retrospect, not having any ‘evidence’ published might have been better for the Democratic Party and especially for James B. Comey and Jeh Johnson. The main reason is that these events will have a longer term implications and certain parties will start asking questions, if they don’t, those people might end up have to answer a few questions as well.

In that regard the Guardian quote “The question hasn’t even been asked: ‘Did you take basic measures to protect the data that was on there?’“, a question that seems basic and was basically voiced by Sean Spicer on CNN. The fact that according to 17 intelligence agencies agree (as quoted by CNN), brings worry to those agreeing and the laughable bad quality PDF that was released. Consider that we are seeing the reaction of unanimous agreed intelligence without any clear presented evidence, actual evidence, so what are they agreeing on? As stated by Sean Spicer in the CNN interview, the burden of proof is on the intelligence community. Especially as there is an implied lack of due diligence of the Democratic National Committee to secure their IT systems. The fact that the implied lack of diligence should give view to the fact that there are plenty of American citizens that are anti democrats in the US alone to give worry on WHO have been jogging through the DNC servers.

A view that seems to have been overlooked by plenty of people as well.

In the act of anticipated speculation we should speculate that proper presentation of the evidence will be forthcoming. The presentation on a level that will give a positive response from security experts will be a lot to ask for, yet in all this, you should be asking yourself the one question that does matter, it is possible that the FBI got it wrong three times in a row? If so, in how much trouble is Cyber America?

 

Leave a comment

Filed under IT, Law, Media, Military, Politics

A leaky Cauldron is a just sif!

Well, as we are moving into the final days of President Obama, we get to see one more rodeo of entertainment, amusement and comedy. You see the headline ‘Barack Obama delivers stinging critique of FBI: ‘We don’t operate on leaks’‘, we can argue that they actually do, or we can howl with laughter, because for the most, the Obama administration created leaks, it did close to nothing to do something about it that would actually work. For one, here is a quote from thinkprogress.org. It is from August 7th 2015: “Congress’s Cybersecurity Plan Has Some Major Flaws“, this is in his second presidency and we see Congress not being even close to resolving essential issues that should have been addressed well before 2008. This level of inaccuracy (read: incompetence) is shown in “Civil liberties groups including the Electronic Freedom Foundation (EFF), New America, and American Civil Liberties Union (ACLU) urged the public to call their senators to persuade them to vote against, what even the Department of Homeland Security has deemed, a flawed bill with more than 20 proposed amendments“. So an issue where the ACLU and the DHS are on the same page, even when taking decent amounts of LSD, the world would still seem more logical, when ACLU and DHS are on the same page, the matter is a lot more critical than some make it out to be.

When we look back to 2013, when Robert Gates, the former Defence Secretary, reveals in his book ““reveals the depth of Mr. Obama’s concerns over leaks of classified information to news outlets, noting that within his first month in office, the new president said he wanted a criminal investigation into disclosures on Iran policy published by The New York Times.”“, we see that President Obama, knows all about leaks, they were at the centre of his core for two terms, so when we see again and again that the ball was dropped, what does that state about the president and his administration that keeps on twisting their ‘cyber’ thumbs?

Yet in all this, it was the Guardian who gave us (at https://www.theguardian.com/us-news/2016/nov/03/fbi-leaks-hillary-clinton-james-comey-donald-trump) an essential issue “Even some congressional Republicans, no friends to Clinton, have expressed discomfort with Comey’s last-minute insertion of the bureau into the election“, apart from what I discussed in my blog ‘As messages pass by‘ two days ago, there is one other part that must be mentioned in all fairness, because this is about the situation, not about anti-Clinton rants. The quotes are “As The Post’s Sari Horwitz reported on Saturday, “a largely conservative investigative corps” in the bureau was “complaining privately that Comey should have tried harder to make a case” against Clinton“, as well as “Rep. Jason Chaffetz (R-Utah), chair of the Oversight Committee, quickly tweeted news of Comey’s letter Friday and stated: “Case reopened.” This is not what Comey said (and technically the Clinton case was never closed). But many in the media bought Chaffetz’s hype, especially in early accounts. That’s what happens when an FBI director hands an explosive but muddled letter to a Republican-led Congress. In fact, Chaffetz had already made clear that if Clinton wins, the GOP’s top priority will be to keep the Clinton investigative machine rolling“, which came from https://www.washingtonpost.com/opinions/comey-gives-in-to-shameful-partisanship/2016/10/30/c31c714a-9ed8-11e6-8d63-3e0a660f1f04_story.html and this clearly shows two elements. One is that the republicans via Congressman Jason Chaffetz, Republican from Utah pushed. For those who think that this doesn’t matter, consider the following which we get from the FBI Website (at https://www.fbi.gov/about/faqs ). “Who monitors or oversees the FBI? The FBI’s activities are closely and regularly scrutinized by a variety of entities. Congress—through several oversight committees in the Senate and House—reviews the FBI’s budget appropriations, programs, and selected investigations. The results of FBI investigations are often reviewed by the judicial system during court proceedings…“, so when Congress pushes the FBI, it has bearing and impact (although ‘bearing’ would be allegedly). So whilst the media is going all out against Director James B. Comey, can we agree that Congress was pushing and in addition, the fact remains that Hillary Clinton could still up ending to be regarded as criminally negligent.

Now that last accusation needs explaining, and funnily enough, for the most, we all have that evidence. Those who have a job, ask yourself how many bosses allow you to do company business using your private emails? There are plenty of companies that such an action, seen as a transgression that could result in immediate dismissal and that isn’t even high dangerous secretive information. Now consider that as Secretary of State, Hillary Clinton submitted over 20 top secret issues via private email, in addition, the emails went to the laptop of a previous employee, basically giving classified information to a non-authorized person. The fact that she ends up not being prosecuted is a little weird to say the least. Yet, I discussed that in an earlier blog, the link remains because the issues are linked.

What is important now is that the media at large had access to more information that I had (or so they think), and they kept you, the reader in the dark. The bias against Donald Trump is THAT intense. Now, personally, I think that Donald Trump is as dangerous as a baboon on XTC, which is an issue as this primate is merely dangerous and lethal in the most docile of times. Its teeth rip through your flesh and bones in one bite. I’ll be honest, Baboons scare me, not because of what they do (they are equipped to protect, not to hunt people), they are highly intelligent, yet when cornered they can be the most dangerous animal you will face in a lifetime. Making my correlation with Donald Trump a lot more accurate than even I bargained for. His latest actions known as ‘Donald Trump’s Impeachment Threat‘ (at http://www.nytimes.com/2016/11/04/opinion/donald-trumps-impeachment-threat.html), when we see “they may well seek to impeach Hillary Clinton if she wins, or, short of that, tie her up with endless investigations and other delaying tactics“, the Democratic Party is seeing the result of President Obama’s bad presidency. The result and fallout of Benghazi, the mail issues with the Clintons and a few other matter. As stated, Congress gets to push the FBI and it is a republican congress. There is a little too much realism in the quote “Mrs. Clinton won’t be able to govern, because we won’t let her. So don’t waste your vote on her. Vote for us“, because her promise to do something about the economy will fall flat for at least 2 years. In addition, there are other matters that play, matters that involve the non-committal towards Common Cyber Sense and with the alleged Cyber-attacks from Russia (I am calling them alleged, because no clear evidence is in existence, yet clear reliable speculative data that pushes towards Russian involvement cannot be denied, not even by me), we see that Russia is instigating another cold war, one that America is unlikely to win makes the Democratic position even more weak. Even if we all admit that it is too unlikely for Russia to win this, it will work as an anchor on the US economy, so the next president has that to worry about too.

So as we are confronted with the Cyber issues at hand, in light of the extreme negligence that Hillary Clinton has shown to have, we see certain markers that weigh down on the positivity of her campaign. This might be the first election where the third party had a decent shot of winning, isn’t it a shame that Reverend Jesse Jackson wasn’t running? I reckon that unlike 1984 and 1988, he actually would have had a chance this time around, when we are brooding on which of the two is the lesser of two evils, the third player o gets be an actual contender #ThatsJustMe, wasn’t it funny that he of all people that showed up in Detroit yesterday after which he praised Donald Trump for his commitment of Diversity. Although from the news we have seen, I have to wonder if ‘diversity’ was about the sizes and shapes of breasts. I just had to get that of my chest, #Pardonemoi.

In all this, the media themselves are also a worry as they are pushing the people with outdated information. An example is the Business Insider only 2 hours ago. The article (at http://www.businessinsider.com.au/hillary-clinton-new-emails-found-fbi-2016-11), gives us “The FBI says it found new emails related to Hillary Clinton’s time as secretary of state, CBS News reported on Thursday. It is not known whether the emails are relevant to a case involving Clinton’s private email server, the network said, but the messages do not appear to be duplicates of emails the agency has already reviewed, according to an unnamed US official cited by CBS News“, the article was given the date and identity ‘Bryan Logan Nov 4th, 2016, 11:12 AM‘, yet when we look at the CBS article “In a letter to Congress last Friday, FBI Director James Comey indicated that the agency was taking steps to review newly discovered emails relating to Clinton’s private email server. Those emails came from the laptop of Weiner, a former New York congressman“, which was what I reported on 5 days ago, which came from CNBC on October 29th. So, as the Business Insider is intentionally misinforming the people. So, can we agree that the Media could now be regarded as ‘tempering’ with elections by misinforming the public? Even as we see these events evolve, we need to take heed that Donald Trump is the kind of man that large media corporations do not mind to be indebted to. Because his next crazy idea that pays off, these people will be knocking for exclusives, so when you think that you are getting informed, think again! The article never ‘lies’, it just trivialises older news and gives only part of the complete timestamp on other sides, leaving us with the message that Hillary Clinton has more eventful issues, instead of us getting the correct information that Business Insider is just rehashing old news, to get a few more cycles out of it. How is that not tempering with the view of the voters?

 

Leave a comment

Filed under Media, Politics

Where are my lenses?

For a moment I was contemplating the Guardian article ‘National borders are becoming irrelevant, says John McDonnell‘, which could be seen as a load of labour by the Bollocks party, or is that a load of bollocks by the Labour party? Anyway, the article was so shaky that it did not deserve the paper to explain the load of bollocks in there. What is however an interesting article, is the article in the National Security section of the Washington Post. The article “‘Eyewash’: How the CIA deceives its own workforce about operations” is worthy of digging into for a few reasons (at https://www.washingtonpost.com/world/national-security/eyewash-how-the-cia-deceives-its-own-workforce-about-operations/2016/01/31/c00f5a78-c53d-11e5-9693-933a4d31bcc8_story.html).

Initially, the very first thought I had was regarding Lao Tsu, who gave us the quote: ‘Those who know do not speak. Those who speak do not know‘, which is a truth in all this.

Apart from the title, the first quote to look at is: “Senior CIA officials have for years intentionally deceived parts of the agency workforce by transmitting internal memos that contain false information about operations and sources overseas“, there are a number of issues here, but let’s focus on one thread for now.

You see the second quote “Agency veterans described the tactic as an infrequent but important security measure, a means of protecting vital secrets by inserting fake communications into routine cable traffic while using separate channels to convey accurate information to cleared recipients” is at the very core of this.

No matter how you slice and dice it, the CIA has had a number of issues since 2002. The first is that after two planes got the wrong end of a vertical runway, the game changed, suddenly there was a massive overhaul and suddenly it had to deal with the United States Department of Homeland Security. In 2002 the DHS combined 22 different federal departments and agencies into a unified, integrated cabinet agency. More important, the DHS was working within and outside of American borders.

Now, the blissfully ignorant (including a host of politicians) seemed to live with the notion that under one flag and united, these people would start playing nice. Now, apart from that being a shaped a joke of titanic proportions, hilarious and all, the reality is far from that. You see, both the FBI and the CIA (not to mention the NSA) suddenly had to worry about 240,000 people, 240,000 security screenings. What do you think was going to happen? The issue of ‘false information about operations and sources overseas‘ is not an issue until you try to exploit that information, which means that you are doing something ILLEGAL (to the extent of being worthy of a shot through the back of the head). ‘Eyewash’ is only one cog in a vast machine of smokescreens that counterintelligence has to see how certain tracks of misinformation makes it outside the walls of intelligent wailing. You must have heard the story of the Senator/Governor who has a ‘friend’ in the CIA, not all those ‘friends’ are working valid paths. The intelligence community is a closed one for a reason. There is a clear chain of command, which means that the CIA has a chain of command and if a Senator or a Governor wants information, there is a clear path that he/she walks, from that point a politician gets informed if that person is allowed or has a valid reason for knowing. If anyone needs to move outside that path, you better believe that it is for political or personal reasons!

Now we get the quote that matters “officials said there is no clear mechanism for labelling eyewash cables or distinguishing them from legitimate records being examined by the CIA’s inspector general, turned over to Congress or declassified for historians“, I am not sure that this is correct. The question becomes what paths and what changes were pushed through in the last 2 administrations? I am willing to contemplate that errors have popped up since the Bush Government, yet in all this the parties seem to forget that the DHS was a political solution pushed through by politicians within a year. I know at least three companies that seriously screwed up a reorganisation of no more than 1,500 people over the period of 2 years, so what did you think would happen when 240,000 people get pushed all over the place? In addition, when a massive chunk of the intelligence section went private to get an income that was 400% better than there previous income (same place, same job), additional issues became their own level of a problem within the DHS, CIA, FBI (and again the non-mentioned NSA).

There were all levels of iterative issues in DATAINT, SIGINT, IT and Tradecraft. Names like Bradley/Chelsea Manning and Edward Snowden might be the most visible ones, but I feel 99.99993422% certain (roughly), that there were more. Eyewash is one of the methods essential to keep others off balance and in the dark what actually was going on, because it was not their business or place to know this. This gets us to the following quotes “But a second set of instructions sent to a smaller circle of recipients told them to disregard the other message and that the mission could proceed” and ““The people in the outer levels who didn’t have insider access were being lied to,” said a U.S. official familiar with the report. “They were being intentionally deceived.”“, now consider this quote from another source “Having DOOMED SPIES, doing certain things openly for purposes of deception, and allowing our spies to know of them and report them to the enemy“, which comes from chapter 13 of Sun Tzu’s ‘The Art of War‘, a book that is almost 2,500 years old, and the tactic remains a valid one. Should you consider that to be hollow, than consider the little hiccup that the British Empire faced (I just love the old titles). Perhaps you remember the names:  Kim Philby, Donald Duart Maclean, Guy Burgess and Anthony Blunt. They made a massive mess of British Intelligence, it took them years to clean up the mess those four had left behind, now consider adding 245,000 names, for the most none of them had passed CIA and/or FBI clearances. So what options did the CIA have? In addition, as we saw more and more evidence of the events linking to Edward Snowden, additional questions on the clearing process should be asked in equal measure, which leads to: ‘What options did the CIA have?’

In that light, the quote “Federal law makes it a criminal offense when a government employee “conceals, covers up, falsifies or makes a false entry” in an official record. Legal experts said they knew of no special exemption for the CIA, nor any attempt to prosecute agency officials for alleged violations” becomes little more than a joke, for the mere reason that not making the intelligence community exempt from this would be a very dangerous issue indeed. You see, today the CIA has a larger issue than just small players like North Korea, it has to deal with business conglomerates all over the world and they have become close to sovereign financial entities in their own right. What happens when a Senator chooses to take a book filled with intelligence anecdotes, just because it is an American Corporation? What happens when he gets the multi-billion dollar deal and he only has to ‘sweeten’ the deal a little? This is entering a grey area that most regard to be a grey area no one wants to touch, but what if it is not a high ranking official? What if it is just a mid-level controller, or a mere IT member looking for a retirement fund? Suddenly, this scenario became a whole lot more realistic, didn’t it?

Eyewash is just one cog in a machine of cogs, it drives a certain amount of cogs of the machine and as certain levels of Intel makes it outside of the walls, counterintelligence has a path to trot on, the article only lightly (too lightly) treads on those elements (yet they are mentioned), but the overall issue of internal dangers that the CIA (et al) faces are almost trivialised, in addition, the entire issue of the DHS and the linked dangers of intelligence access remains untouched. That is perhaps the only issue the article has. Well, from my point it has a few more, like under valuating the need for counter intelligence and the fact that this tactic had been around for around 2,500 years, but let’s not squabble on minor details.

The only additional minor detail I would like to add is that in all this is the missing component of the chain of command towards the Director of National Intelligence (which at present is James Clapper), in opposition, there is no denying that there is an issue that the internal mechanisms for managing eyewash cables were largely informal, which is an issue, even if there would be a clear document, likely higher than Top Secret within the CIA on how to identify and/or classify eyewash cables. Which now only leaves us with the Eyewash cables by No Such Agency like the CIA, but that is something for another day.

 

Leave a comment

Filed under IT, Media, Military, Politics

CISA and Privacy are not opposites

There is a view that many hold, this view is not educated. A view which was given to us from the moment we spawned as a living person. Some got this knowledge as they went to their church or temple. They were told about good and evil. When we started to go to school we got to learn about order and chaos. This last one matters, you see, the opposite that order and chaos represent has been used in books, in videogames, in TV shows and in movies. In the Avengers movie ‘Age of Ultron’, near the end of the film we hear a quote from Vision, played by Paul Bettany that matters: “Humans are odd. They think order and chaos are somehow opposites“.

You might not realise it but the gem that we have here is in the foundations of many issues that have been plaguing us in several ways. Let’s take a look at this in two parts. The first is a Guardian article (at http://www.theguardian.com/world/2015/oct/01/blackphone-release-data-protection-privacy-surveillance) called ‘Blackphone: privacy-obsessed smartphone aims to broaden its appeal‘. The very first paragraph is a quote that shows issues on more than one side “Privacy company Silent Circle has released a second version of its signature handheld, a smartphone designed to quell the data scraping and web tracking that’s become such an integral part of the digital economy in the last few years (and whose results might well end up with the NSA, if the Cybersecurity Information Sharing Act passes)“, now I have no issue with the data scraping part and for the most the term ‘whose results might well end up with the NSA’ is less of an issue, but the overall taste is about privacy, I have no issue with this. The next quote is an interesting one, which will matter soon enough “In the beginning, Janke said, the Blackphone project was just a way for people working for his security firm SOC, since sold, to call home without having their communications intercepted“.

You see, there is no issue with the message shown here, but what is linked to all this is the message that is not shown here. You see, this device should now be regarded as the most excellent tool for hedge funds managers, organised crimes and all other kinds of non-mentioned criminals, who will now get to do with ease and freedom the things they had to steeplechase around the block for. This device will allow financial advisors to take certain steps that they were too scared to do, all out of fear of getting caught. This device will be opening doors.

There is no issue with the approach Janke had, he was submerged (read: drowning) in a world where any slip up could mean the death of him, his comrades and perhaps even his family. So his need for security was a given. There is a need for such a device. I have written about the need for this device as early as 2009, so the fact that someone picks this up is not a surprise, so why are we looking at this?

You see, it is the mention of CISA that is part of all this. CISA or better stated the Cybersecurity Information Sharing Act is sponsored by Republican Senator Richard Burr (North-Carolina). Why would anyone oppose ‘the bill makes it easier for companies to share cyber threat information with the government‘? Let’s be clear this is about dealing with Cyber Threats!

So what is a Cyber Threat? A Cyber threat is defined as ‘a malicious attempt to damage or disrupt a computer network or system‘, so we have the fact that this is about malicious attempts! So why would there be an issue? Well, there is because people and as it seems to be especially criminals, terrorists and Organised Crime seem to be allowed a lot more privacy than their victims, so in all this I see little issues pop up all over the place. This sounds all emotional, but what does the official text state? Well, the complete text is at https://www.congress.gov/bill/114th-congress/senate-bill/754, so let’s take a look at some parts.

Permits state, tribal, or local agencies to use shared indicators (with the consent of the entity sharing the indicators) to prevent, investigate, or prosecute offenses relating to: (1) an imminent threat of death, serious bodily harm, or serious economic harm, including a terrorist act or a use of a weapon of mass destruction; or (2) crimes involving serious violent felonies, fraud and identity theft, espionage and censorship, or trade secrets“, How can we be opposed to this? Is this not the foundation of growing fair play?

Well, that is partially the question. You see, the issue is in part the language. Consider this paraphrase which remains correct in light of the previous statement: “Permits local agencies to use shared indicators (with the consent of the entity sharing the indicators) to prosecute offenses relating to serious economic harm“. Which is now the floodlight of all this.

Now we get to the second part in all this, which is offenses relating to serious economic harm. Serious economic harm tends to be seen as pure economic loss, but it is not limited to that. For this we can look at the element ‘Loss of production suffered by an enterprise whose electricity supply is interrupted by a contractor excavating a public utility‘, which we see in Spartan Steel & Alloys Ltd v Martin & Co (Contractors) Ltd. In here the legislatively famous Lord Denning raised the issue of ‘Duty to mitigate loss’. Yet today, in the world of data and digital media, how can we measure that element? Let me show this through an exaggerated fictive example.

Microsoft raises the issue that as they required an investigation into acts that are causing serious economic harm to Microsoft. Unique software has been released that directly negatively impacts they trademarked business. The CISA could now be in effect to investigate data and data sources, but who minds that store? Who has that knowledge? Now consider that the person investigated would be Markus Persson, because his program ‘Minecraft’ is now stopping all people who are part of the Microsoft Gaming brand to continue.

So who will make that call? You might think that this is a ludicrous example, but is that so? Microsoft ended up paying more than 2 billion for it, so someone implying ‘Serious Economic Harm’ is not that far-fetched. This now becomes an issue for a timeline. What timeline is in effect here? With an imminent threat of death this is a simple matter, with serious economic harm that matter is far from simple, moreover will the claim be valid? I used the ludicrous Minecraft and Microsoft Games brand. Yet what happens when this is a lot more ‘grey’, what happens when this is Raytheon versus the Belgium based TTN Verhaert? A Technology Transfer Network (TTN) that has innovated the latest classified satellite navigation systems. Is it still a clear call as to what constitutes serious economic harm?

This act opens up a can of intellectual property, the one can everyone wants to swim in and the elected official channels do not even have a fraction of the minimum required insight to make such a call.

Section 9 gives us “Directs the DNI to report to Congress regarding cybersecurity threats, including cyber-attacks, theft, and data breaches. Requires such report to include: (1) an assessment of current U.S. intelligence sharing and cooperation relationships with other countries regarding cybersecurity threats to the U.S. national security interests, economy, and intellectual property; (2) a list of countries and non-state actors that are primary threats; (3) a description of the U.S. government’s response and prevention capabilities; and (4) an assessment of additional technologies that would enhance U.S. capabilities, including private sector technologies that could be rapidly fielded to assist the intelligence community

When we consider both A and B, we should look at ‘U.S. SEC drops Onyx insider trading lawsuit against Dubai men’ (at http://finance.yahoo.com/news/u-sec-drops-onyx-insider-230111643.html) from September 15th. The quote here is “Smith said the Newman decision was ‘helpful,’ but that the SEC ‘never had a tipper’ or evidence that his clients received inside information”, one would think that this is where CISA could now step in. Alas, apart from the side that is implied by the CISA text: ‘assessment of additional technologies that would enhance U.S. capabilities, including private sector technologies that could be rapidly fielded to assist the intelligence community’, which according to Blackphone is not an option, we now see that this opens a door to ‘patsy management’ on how two unsecured parties, could be set-up through the use of Blackphone through encrypted conversations and when the two unsecured parties talk, they could be setting each other up thanks to the other two parties that were using a Blackphone. Blackphone here has no blame whatsoever, they would be offering the one part criminals desperately want, a secured phone. This now sets a dangerous precedence, not a legal one, because Blackphone is behaving itself as it should, the provider of secure communications, it is what people do with it that matters that part cannot be guaranteed by the Cybersecurity Information Sharing Act. In addition, S. 754 has one additional flaw. That flaw is seen in the definitions, where we see that the earlier mentioned definition ‘serious economic harm’ is not specified in the definitions at all, so what definition applies?

Beyond that, we see the definition of a cybersecurity threat. In here it is important to take a look at part A and part B.

part a gives us: “IN GENERAL.—Except as provided in subparagraph (B), the term “cybersecurity threat” means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system” and part B gives us “EXCLUSION.—The term “cybersecurity threat” does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement“, which sounds nice, yet how does it help stem cybersecurity threats?

You see, when you consider the letter send by UCLA to Chairman Dianne Feinstein in June last year, we see: “CISA’s inadequate use limitations risk turning the bill into a backdoor for warrantless use of information the government receives for investigations and prosecutions of crimes unrelated to cybersecurity“, which could be regarded as the biggest failure, but it is not, it is the part we see in “CISA requires that cyber threat indicators shared from the private sector with the Department of Homeland Security (DHS) be immediately disseminated to the Department of Defense, which includes the NSA and U.S. Cyber Command. This new flow of private communications information to NSA is deeply troubling given the past year’s revelations of overbroad NSA surveillance“. It is the ‘be immediately disseminated to the Department of Defense’ that comes into play now. When we consider ‘Overbroad Liability Protection‘, which can now hide by giving that function to an intern so that “good faith” reliance remains is a potential risk that could be pushed by big business to hide behind the ‘dope’ who acts in ‘good faith’.

Is that truly the blackness we face? Well, that is hard to say, the fact that this act relies on ambiguity and is lacking certain rules of restraint, or at least certain safeguards so that data cannot leave the intelligence office is reasons enough to have a few more discussions on this topic. What is interesting is that CISA would create a fear, which Black phone addresses, yet in similar method other players will now receive an option allowing them to play large dangerous games whilst not becoming accountable, that new Blackphone could address several issues the shady commercial interest guy is very happy to exploit.

The question becomes, how does any of this make us any safer?

So now we get back to the Age of Ultron line. As we see that crime is becoming an orderly event, the fact that we tend to hide in chaos the issues that should be open for all is part of the dilemma we now face. Again we are confronted with laws that remain inadequate to deal with the issues that needed to be dealt with. CISA takes in my view a chaotic approach to keep a level of order that was delusional from the very start, from missing definitions to application of methodology. It is a cog not linked to any machine, proclaiming soon to be of use to all machines and in the end, as I see it will only hinder progress on many levels, mainly because it tries to circumvent the accountability of some. And this is not just an American issue. In that regard laws and the protection of the victims have been an issue for a longer time. We only need to look to the Tesco grocery store on the corner to comprehend that part of the equation.

 

 

1 Comment

Filed under IT, Law, Military, Politics, Science