Tag Archives: Eindhoven

The price of identity

We all have needs, we all have identities. It is important to us, as it is for many others. No one debates or disagrees with it. Yet what to do when identity hinders us? When we see the Washington Post (at https://www.washingtonpost.com/world/national-security/former-nsa-deputy-is-mattiss-leading-choice-to-head-the-spy-service-if-it-splits-from-cyber-command/2018/10/05/1be8d7a8-c73d-11e8-b2b5-79270f9cce17_story.html) giving us ‘Former NSA deputy is Mattis’s leading choice to head the spy service if it splits from Cyber Command‘, we need to consider the impact of identity, corporate identity, governmental identity, military identity, projected and presented identity. They are not the same and can vary to a much larger degree. When someone is part of what used to be referred to as ‘No Such Agency‘, we will get the impact of identity; we all know that and many faced it too. Look at any friend or co-worker you have ever known and ask him/her about the impact of a merger and they will tell you, there are changes. Some are subtle, some are not noticed, yet others are, usually in infrastructure and the way things were done. Now the change tends to be for the good in the long run but that is not a given.

So what gives?

It is my personal observation and a highly speculative one at that. Yet I believe that the Washington Post giving us: “The current head of both organizations, Gen. Paul Nakasone, has urged Mattis to keep the NSA and U.S. Cyber Command under one leader on the grounds that the nine-year-old military organization is not ready to stand on its own, these people said. In recent weeks, Mattis was close to a decision to separate the leadership arrangement, but Nakasone’s counsel has caused him to reconsider, according to two U.S. officials. The officials spoke on the condition of anonymity to discuss sensitive internal deliberations“, is not entirely accurate. I believe that ‘military organization is not ready to stand on its own‘ is not the setting that matters. I believe that Stratfor who gives us ‘A New, More Aggressive U.S. Cybersecurity Policy Complements Traditional Methods‘ is very much at the heart of that. I believe that the general is not ready or perhaps unwilling to set the offensive and aggressive part in motion. Now, this is no bad reflection on the general, let that be a first. He is well decorated, he has seen the field in many ways and he has done a fair share of field events. He has earned his rank. I merely wonder that a man who has seemingly played a defence and protection game is the man for the offense. I think that this is a football moment, and as a non-football expert (and a 49ers fan) I would compare the General to DeMarcus Lawrence from the Dallas Cowboys against what the US seems to demand is a Derrick Henry (Tennessee Titans), or even a Tom Brady (New England Patriots), roles that are not really moveable. Even as a Quarterback might become a really good Derrick Henry that Quarterback will never become a DeMarcus Lawrence. The defence and offense game is that far apart. This is where Chris Inglis comes in. He is an analyst (at heart), he is used to counter offensive strategies and introduce strategies of his own (effective ones, mind you).
I believe that this is the game that is in the open at present and these two will need to find a way to make it work. Not merely because it is good for the needed strategy, but because the segregation of the two elements might hurt U.S. Cyber Command in a few ways, not merely funding, but the elements that U.S. Cyber Command currently has access to will partially fall away and getting two infrastructures like the NSA is unyielding, unaffordable and in the end will introduce flaws and dangers on both sides of the aisle making the setting (as I personally see it) a non-option right off the bat. Stratfor gives us a few other items.

One of them is “A best-case scenario for a U.S. cyberattack would be disabling computer systems and networks being used against U.S. interests to prevent an attack from happening or to disrupt an attack that is in progress“. The problem there is that some of the opponents are getting to be really good at what they do and a few of them are not state driven, not by any state changing the dynamics of the solution. Even as I discussed the hop+1 strategy almost three years ago, settings like that require an expert layer one knowledge and the players cannot both have these experts changing the needs of the infrastructure overnight.

The second consideration is: “Perhaps the main challenge to U.S. engagement in tit-for-tat cyberattacks is that the United States is by far the biggest target for such attacks“. That might be true but that goes beyond mere true enemies, it includes a truckload of students wanting to finger the man (or is that giving them the bird)? Do they really want to waste resources to those people whilst the US has actual enemies in the world?

The larger issue is seen with: “Discussing the strategy, national security adviser John Bolton hinted that the administration had already taken steps to bolster offensive efforts in recent weeks, warning that the United States is no longer just playing defense when it comes to cybersecurity. But despite the Trump administration’s more hawkish tone regarding cybersecurity, it will continue mainly to rely on traditional measures such as the legal process, regulations and cooperation with the private sector when it comes to cybersecurity” It is here when we get the consideration of the resources required. The defence, offense and legal sides of it all becomes a real mess if the two split up giving the chance that targets and issues walk away on technicalities. How does that help?

The strategy is even more profound when we consider “Clandestine, discreet attacks are certainly already key elements of U.S. cyber tactics. There have likely been more examples of U.S.-launched attacks that have not come to light, perhaps because they were never recognized as cyberattacks. While the less known about U.S. cyber capabilities, the more effective they will be when deployed, this by definition limits the deterrence value of U.S. cyber capabilities“, at this point is the setting of ‘discreet’ that comes into play. With the two separated they will get into each other’s fare waters and more important give accidental light to the discreet part of the operation, there will be no avoiding it, only the most delusional person would think that it does not get out when more than one player is involved, because that will always introduce a third item being the intermediary, the cold war taught many players that part of the equation. And that is even before we get to the statement: “recent cases like the September indictment of North Korean cyber operatives, which displayed heavy FBI reliance on private security firms such as Mandiant and Alphabet to collect technical evidence and carry out investigations“, now we see the folly as Mandiant and Alphabet are mentioned, the entire matter grows further as soon as Constellis becomes part of the equation. That is beside the point of realising (highly speculative on my side) that none of the three, Mandiant, Alphabet and Constellis, have the required safe servers in place to prevent names, places and facts from going out into the open. I might not be able to get in, but there are dozens who will get in and that voids the security of the matter to a much larger degree. For argument’s sake I will leave Booz Allen Hamilton out of that equation, they have been snowed on long enough.

And even as we see the instance of legal preference, the US must realise that any attack from state or non-state parties in China or Russia has close to 0% of being successful (outside of the exposure part), the entire matter in case of the OPCW in the Netherlands is one. An attack was thwarted, yet was it THE attack? The Guardian article (at https://www.theguardian.com/world/2018/oct/04/visual-guide-how-dutch-intelligence-thwarted-a-russian-hacking-operation) reads nice, and we see all these facts and from my point of view, things do not add up. You see, I would have used the car that we see mentioned “In the boot of their car was uncovered an arsenal of specialist electronic Wi-Fi hacking equipment” as a fire and forget consumable, use it as an access point, segregating the hacker from the accessing unit. When you have (as they stated) “cash: €20,000 and $20,000” getting a second car far enough to access yet not be directly linked is seemingly easy enough. Then there is the setting of the photo at Amsterdam’s Schiphol airport. I am not debating the issue of the photo, it seems genuine enough. In this operation they did not fly to Germany and take the train, or take a car and cross at Oldenzaal, Emmerich, or even via Belgium and enter via Antwerp, or Eindhoven. It almost read like they wanted to get noticed. They know that Amsterdam Airport is high tech and nothing escapes their camera eyes. To me (a paranoid me) it comes across as ‘Where did they not want us to look‘. A mere sleight of hand deception, and again the entire GRU mention. A phone outside of that building and they had the taxi receipt? No one merely driving them to the airport in Russia or even them taking a bus from any hotel in Moscow. No, a taxi receipt of all things, is anyone buying that? So in this it is not the Dutch, it is the Russian side that makes no sense at all.

How did I get there?

This is the initial setting of offense and defence. The proper application of strategy in all this matters, because we seem to undervalue and underestimate the need of either in all this. Because we get to push a button anywhere and anytime we seem to underestimate on what is recorded, what is collected and what can we verify. That entire mistake is how any offensive strategy can optionally become folly from the moment the instigation of ‘press any key‘ to start gets us. Proper offensive is not about doing what needs to be done, it is about being able to prove who did what. Perhaps Sony remembers that part as they were given that it was North Korea did something, whilst their computers were not even close to PC gaming ready, the mere processor, which was about 25% (at best) of a 1994 Silicon Graphics Indigo system is not the system that gives you what you need to hack the night away. The tools are equally as important as the access and ability to negate identity. When you see that part, the entire hop+1 intrusion path makes a lot more sense.

This now gets us to the end of the Washington Post, where we were treated to: ““As the build of the cyber mission force wraps up, we’re quickly shifting gears from force generation to sustainable readiness,” Nakasone said in a statement in May. “We must ensure we have the platforms, capabilities and authorities ready and available” to carry out successful cyber-offensives. Some former senior intelligence and defense officials oppose separating the “dual-hat” leadership arrangement, including former NSA Director Keith Alexander, former Director of National Intelligence Mike McConnell and former Defense Secretary Robert Gates. This week, former CIA Director David Petraeus, a retired Army general, said during a Washington Post cyber summit that he’d keep the dual-hat arrangement “for the time being.”” It is not merely the ‘we have the platforms, capabilities and authorities ready and available‘, you see, when we get to capabilities we see the need of offensive players and even as Cyber command might be aces in their field, the offensive game differs to some degree and even as we see that they are way above the student levels, we get back to the Football equivalent you see the application of defence and offense. It is not DeMarcus Lawrence versus Derrick Henry, the question becomes can DeMarcus Lawrence be a Derrick Henry that is good enough, that is the battle within. The mere realisation that if you fail this when the offensive is broken into a train wreck that makes the limelight in every paper, that is the game that is the dilemma that Gen. Paul Nakasone faces as I personally see it.

And when we see Stratfor with the one little gem we did not consider, the mere proposed fact that North Korea has a mere 9,000 IP Addresses, do you really think that they could have done this all, or are we in a setting where someone had the ability to act on BGP hijacking and was able to mask it to the level it needed to be masked at, because that was the offensive play that needed to be considered and there was no way that the evidence had been uncovered to that degree with a backdoor could be removed with a simple reset of routers.

#FourtyNinersRule

 


Filed under IT, Law, Media, Military, Politics, Science

Awaiting next week

Whatever happens, will happen. You see, the E3 is on next week and in this it will be the week of gamers. We will see presentations from the big makers and they will either wow or BS us. The interesting part is that this is the one week in the year where we either do not care or we cannot tell the difference. You could tell a little better if you are actually there, but that is not for all to do, unless you live in California that is.

The big players will give us on Saturday the 10th the EA press conference, the day after it will be for Microsoft and Bethesda to ‘wow’ its public. Monday will be Ubisoft and Sony, followed that day after by Nintendo and several small presentations with two unannounced AAA games. There is a chance that the new GTA expansion Gunrunners will take one of them. Tuesday till Thursday, from 19:30 (LA time), we will get the Giant Bomb Live (whatever that is). During those days we will get additional presentations some like Shadow of War (Shadow of Mordor 2) is set, and we will see demonstrations of games (titles not given, other than the platform they are on) and the rest is about seeing the stands and watching what wealthy gamers can enjoy in person. It is the chaos all gamers desire. There are already games in place, games by marketeers. You see Ubisoft is in a difficult position. When we see: ‘New Assassin’s Creed: Origins Leak Shows Main Character, Pyramid, And Bonus Content‘ we see a title that implies either that Ubisoft does not know how to deal with security, which is a problem, or, what is more likely, that its marketing department is dipping its toes in the water trying to see the feedback. The second is more likely as this is pretty much the last chance Ubisoft has to recapture the audience it lost from this franchise and that is a large audience. The fact that it is safer nowadays to just wait 8 weeks and buy the limited editions with 50% discount gives you the idea of their loss. In the old days those boxes would be sold out even before the first day of release was even close to happening, Ubisoft lost that much. The EA presentation is a hard one. When we consider what is confirmed, then they do have an issue, however, they might have surprises for us, which most tend to have. For EA it is a hard one, because they are kicking off E3 2017.
Bethesda did such an amazing overwhelming job last year that EA is in a tough position, I am not writing them off, but until we see a gossip part of something truly amazing, EA might not rock-da-house so to speak. Bethesda comes the next day with several titles that will capture the minds of gamers. Several of them are all about shooting; at least one will be about shooting, stabbing and killing Nazis, so Blazkowicz is expected to be nearby. The Evil Within 2 is announced through rumour, which is a nice surprise. After giving us a different kind of nightmare a few years ago, we will get to see what will make us fear what is under the bed this year. In addition Elder Scrolls online players will get to see more, so there is that to look forward to. The latest rumour is that there is a small chance that we will get a first glimpse of the new Elder Scrolls game, and a smaller chance that a tease for the next Fallout will hit our eyes in roughly 3 days 4 hours and a few minutes. We got a fistful of teasers last year for the upcoming God of War from Sony. The title is still not out, so we should expect to see more of that game, hopefully updated with an actual date of release. For the PS4pro fans, we should be hopeful to see David Braben show off the PS4 edition of Elite Dangerous, as this version is out on June 27th, which is less than 2 weeks after the E3. This E3 will be a lot more about DLCs, so the Blizzard fans will get to see loads of upcoming stuff. The list of people awaiting the Diablo 3 addition is larger than the LA White pages, so this is something we hope to see the official release date on. Another reason to seek YouTube on the E3 events is to see the floors.
When you realise that the booths of Ubisoft, Bethesda, Microsoft and Activision are the size of a department store, you know you will get to see unique things that the non-visitors will envy you for; especially, when you start forwarding the ‘selfies’ with a larger than life Butcher (Evil Within, 2013). This is just one of several halls described, so when I say that the E3 is the gamers place to be, I am understating the need to be there by a fair amount. It gets even wilder when you realise that in another hall, the Sony stand is larger than the Bethesda and Microsoft combined, so we will very likely get to see a few more things regarding all things PS4pro.

In the end, do not just take my word, find the E3 events and watch the presentations. Those will show you for one what you missed out on and it will also be a first step in creating your upcoming Christmas wish list. So far the last three years have shown me what was coming and how much I was unaware of the games I really wanted. One presentation is unknown to be there, but the Subnautica early release on Xbox One was overwhelming. Not just as a game, but as the game grew and as we got more and more, the game will become an absolute must on the PS4, which is expected to be released in September 2017. Oh, and the E3 is not just software, hardware players like NVidia will also be present, so any new hardware development for PC graphics will be visible too.

So as we are awaiting the arrival of next week, for those who are a little over the bulk promises from political parties, the escalations in France and Germany’s move from Turkey, there is the option to just get into gaming and see where that leaves your sanity. In addition, as you get deeper into Call of Duty, you might find yourself more and more imagining these Nazis to be ISIS fighters; there is no war like the present I say. So as I leave Activision with the idea of a free DLC, so that we can practice, I also leave you with the comment of Josh Hutcherson in Red Dawn, where he states: “Dude, we are living Call of Duty and it sucks!”

That is to make you aware of the difference between gaming in a lazy chair and an actual theatre of war. Because as we seek a little escapism from reality, which is good for the soul at times, we should not forget that the deadly reality is on several doorsteps; in addition, the implied changes I suggested yesterday were partially implemented by France less than 24 hours later. What were the chances of me predicting that? I offer the thought that this was not a game and the changes required in Europe seem to be adopted in France, which is good as they lack a level of security that the UK has due to the fact that it is an island. In addition, the BBC (at http://www.bbc.com/news/uk-40195212) gives us more on Youssef Zaghba and more important, the fact that Italy placed Youssef on the SIS2 list, which now beckons the call on how Youssef actually entered the UK. If it was through the Netherlands (Ferry) or the smaller airfields like Rotterdam or Eindhoven, the question becomes how diligent are these checks? There are a few unknowns, but it seems that within Schengen, certain unchecked issues are now an actual security concern. So as we see certain implied accusations, we need to wonder whether Youssef was on SIS2, and if so when was he added?

These are all issues awaiting us for next week, one is all about recreation, one is about anything but recreations and the rest falls in the middle. We can argue, or have a conversation how the terror curve is an inverted recreation curve, yet in all this; the one element that I raised yesterday is now coming to the forefront. I mentioned that we need to think in new ways, we need a new approach to tackle intelligence solutions. The one part they all ignore, or philosophise around it, is that the better game designers have been developing at the edge of hardware possibilities and software creativity for years, a few literally for decades. It is not the worst idea for some of the larger players in the field of security to find a way to have a serious conversation with some developers in regards to how creative solutions in data parsing could be found. Some of the larger developers have been doing just that for a decade or more.

As I stated, and I stand by that ‘we need to stop looking in the same direction and regard any box to be obsolete, we need to start being creative to the application of data and technology‘, it is that approach that got me to solve the NHS IT issue. The foundation took a mere hour to ‘solve’.

To those doubting me (always a valid option), I now have a few dozen I told you so articles where what I stated and those following learned came with a difference of weeks, not hours. So I reckon I have made my point a few times. When it comes to the upcoming elections, my larger fear is that Corbyn succeeds by swaying the people to dive the UK in a deeper debt, one that it cannot overcome for decades, it leaves the UK too vulnerable. So consider your choice, and also consider the bleeding hearts of Amnesty International. As they proclaim on loss of rights in Paris, they seem to leave the people in the dark on the dangers that France has faced a few times and how these dangers for now persist. There is a time and a place for everything, and for the most I have never opposed peaceful protests, yet these tend to escalate fast, and it only takes a few people to escalate it beyond proportions. In a time when a man attacking people with a hammer near Notre Dame is just another moment of extremism, is the question, should we protest now, at a time when groups get targeted by extremists? There is nothing stopping them to do this online, via Facebook or Twitter. As stated, it is not about the protest it is about the timing in the light of events as they are happening in Europe. Perhaps my thoughts are wrong on this, and you are welcome to oppose that. Yet with the amount of attacks, with the dangers as the flood of extremists is not known, do you want to be the person starting a peaceful protest, only to guide those who agree to a dangerous life threatening situation?

I do not proclaim to be wise enough to have the answer here; I am merely going on common sense here. So as we get towards and through next week. Perhaps at that point will the information be shown that I was right or wrong? I am happy to be wrong, I am less happy that me, myself and I setting the wrong stage costing the lives of others. That is fair too, is it not?

So as we see the throne of games evolve over the next week on the stages of politics, policies and PlayStation, we need to try and identify, what is marketing and what is BS marketing. The difference will impact the lives of many. It is easy to shrug it off when it is a $100 video game; it is less entertaining when it causes 15 years of austerity. I’ll let you decide on how fair that is, when in doubt, see austerity in action by watching the news on Greece!

 


Filed under Finance, Gaming, IT, Media, Military, Politics, Science