Tag Archives: FBI director James Comey

Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force, in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back, to be a little more precise we need to turn to the moment 645 days ago when we read that Sony got hacked, it got hacked by none other than North Korea. It took me around an hour to stop laughing, the stomach cramps from laughter are still on my mind when I think back to that day. By the way, apart from me having degrees in this field. People a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse. The list of sceptics as well as prominent names from the actual hacking world, they all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions“. I am pretty sure that the FBI did not expect that this would bite them down the track. This all whilst they rejected the alternate hack theory that Cyber Intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more possible then the claim that some made. Another claim to have a giggle at came from Homeland Security, the quote was “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life“, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons. The Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data). The subtitle gives us “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile worldly infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“, you see, here we see part of the fun that will now escalate.

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this, take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When  the accused nation has 28 websites, it is, I agree not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North-Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear given that the cyber branch of your organisations are not up to scrap. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting and learn a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that due to North Korean ‘expertise’, plenty of people will be asking questions. The time requirement to get the data that got taken was not something that happened overnight. For the simple reason that that much data would have lit up an internet backbone and ever log alarm would have been ringing. The statement that the FBI made “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government” was laughable because of those pictures where we saw the Korean high-command behind a desktop system with a North Korean President sitting behind what is a mere desktop that has the computation equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull of the Sony caper you need stimulation, like a student would get at places like MIT, Stanford, or UTS. Peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have hardware and challenging people and equipment that could offer it, but North Korea does not have any of that. The entire visibility as you would see from those 28 domains would have required to be of much higher sophistication. You see, for a hacker, there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when in 2012 in Pyongyang I believe, a press bus took a wrong turn. When some reporters mentioned on how a North Korean (military I believe) had no clue on smartphones. I remember seeing it on the Dutch NOS News program. The level of interaction and ignorance within a military structure could not be maintained as such the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing, the fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to on the wrongful domain settings, which is essential in regards to the entire hacking side. The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this last but not least to those who prototype hacking solutions, as they need serious bandwidth to test how invisible they are (especially regarding streaming of Terabytes of Sony data), all these issues are surfacing from this mere article that the Guardian might have placed for entertainment value to news, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog ““It’s important to note this isn’t the domain name system for the internal intranet,” Williams wrote. “That isn’t accessible from the internet in any way.”” which is true to some extent. In that case take a look to the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds“, yes, I agree you do not get that much info from that, but it gives us to some extent usage, you see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings on intranet level have been missed, giving the ‘visitor’ options to a lot more information than most would expect. Another matter that the press missed (a few times), no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/), data needs to get from point to point, usually via a router, so the routers before it gets to North Korea, what were those addresses, how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. The fact that in January 2015 Sony gave the following statement “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“, I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server, to monitor all data traffic, giving indication that not only a weird way was used to get to the data (I speculated on an option that required it to be an inside job), yet more important, the fact that access had not been identified, meaning it was secured gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘ if threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get the threats to be a true unknown. That is at play then and it is still now. So if servers were compromised, Sony would need a better monitoring system. It’s my personal belief (and highly speculative) that Sony, like many other large companies have been cutting corners so certain checks and balances are not there, which makes a little sense in case of Sony with all those new expansions corners were possibly cut and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing exactly as incapable as I thought it was and there is a score of Cyber specialists, many of them a lot bigger then I will ever become stating the same. I am not convinced it was that simple to begin with, for one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, yet the expert levels were not on par so plenty of data would have been in danger of breaching. The question I had then and have now a lot louder is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be“. That is now truly a question that matters! Because if there is any truth to that speculation, than the question becomes how secure is your personal data an how unaware are the system controllers of those cloud servers? The question not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’ who can be trusted to get the people properly informed? Over the next days as we see how one element (the 28 sites) give more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their Cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea, especially in light of the official response towards cyber security firm Norse what was going on.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites are no indication of Intranet or cybersecurity skills, they are indicative, when a nation has less websites than some third world villages, or their schools have. It is time to ask a few very serious questions, because skills only remain so through training and the infrastructure to test and to train incursions on a WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation, it makes even less sense.

Finally one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘the Interview’ to become a complete flop. You know that movie that ran in the US in 581 theatres and made globally $11,305,175 (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?



Leave a comment

Filed under IT, Media, Military, Politics, Science


Perception is an essential need for all of us. Yes, it is used in videogames where the power of perception allows us to see our foes approach earlier (Fallout series), or it allows the game to play with our minds as floors become ceilings and where statues follow your every move (Eternal Darkness: Sanity’s Requiem). Just two of many options, but this is not about gaming or about a videogame. You see perception allows us to perceive the events as they take place. From my perception it is clear that the events in Martin Place were never terrorism, it was merely a case of a mental health crises with a hostage situation and that person happened to be a Muslim.

The events in France were clearly terrorism, it is that clear view that we could all watch that diminished whatever terrorism claim existed over Sydney, and perception does that.

But what about San Bernardino?

You see, that is not a question, it is not THE question, but it is an essential question. The guardian (at http://www.theguardian.com/us-news/2015/dec/04/san-bernardino-shooting-tashfeen-malik-isis-connection). Here we see that the FBI is investigating this shooting as an act of terrorism.

To their support we should consider

  1. Suspects attempted to destroy ‘digital fingerprints’
  2. Tashfeen Malik allegedly made pledge of allegiance to Isis in a Facebook post on day of the attack
  3. FBI director James Comey said that there was “no indication that the killers are part of an organised larger group or form part of a cell. There is no indication that they are part of a network.

In the first three elements, it is important to realise that the first one gives view to premeditation.

These three need to be kept in mind, yet the main issue is not just those three, now I need to push a few quotes together, so you see the view that I also perceive to be.

Tashfeen Malik, 27, swore fealty to the terror group in a Facebook post on Wednesday, the same day she and her husband, Syed Rizwan Farook, committed the rampage” is part one, which we now connect to “David Chelsey, a lawyer for Farook and Malik’s family, said many details “do not add up”. “There are a lot of disconnects and there are a lot of unknowns and there are a lot of things that quite frankly don’t add up, or seem implausible,” he told CNN. “It doesn’t make sense. No one has ever seen Syed with any of the things – with some of the things found on the scene, they’ve never seen them with him. The pipe bombs, for example. No one had ever seen him use or have anything like that,” he said“.

Now we get the issue at hand. If we accept David Chelsey’s words as absolute truth, we are faced with at least two scenarios that are a lot harsher than you might consider at present.

  • In the first, is David Chelsey in absolute lawyer mode? So to say, if the families Farook and Malik require isolation from the events, this is the play to make, which means that his clients might not have told him the truth. They might not have been lying, but that is not the same. Yes, it is possible that they never saw a pipe bomb, but that does not mean that they have not been privy to eccentricities like buying goods in the middle of nowhere when you can buy the same items 15 minutes away from their home. The lawyer might just be doing his job, but in equal measure he is aiding in changing a view from realistic to an intentional attempt to misinform the federal authorities, or more precise his clients are. It is an additional view towards premeditation in the worst case, and an intentional act to colour the glasses of those trying to sway the public.

Why am I stating this?

Consider you are a parent and your child picks up a gun and kills fellow schoolies and teachers, how would you react? When we have a mental health case like Sydney that view is one we can all understand, but what if your child shouts allegiance to Abu Bakr al-Baghdadi, now it becomes a different game, now the parent does whatever he/she does not to lose their own sanity. Can you blame them?

So is the FBI confronted with a case where the family was unaware, in denial or hiding their involvement/ we can state that the lawyer is not helping any of it, but that is not his fault, the FBI’s job does not get to be any easier!

  • In the second, when we consider the acts from Malik, who was born in Pakistan and travelled on a Pakistani passport, and recently lived in Saudi Arabia. She apparently met Farook online. In addition, the participation of Syed Rizwan Farook now ups the ante in all this. In addition we read “Christian Nwadike, who worked with Farook for five years, told CBS that his co-worker had been different since he returned from Saudi Arabia. “I think he married a terrorist,” Nwadike said“, so here is the issue, how did Christian Nwadike know? I am not stating he is right or wrong, I am asking, what signs were there? You see, I am going somewhere with this. Was Syed Rizwan Farook groomed for terrorism during his engagement period? It seems he lived an isolated life, which goes a long way towards making him an easier mark, yet in that, from the little I know of Muslims, one woman alone could not have done this, which implies that he’s had additional conversations with a Muslim Cleric, one he met whilst in Saudi Arabia, possibly with contacts before and after he came back, which would have gone a long way towards move for extremism, which makes destroying the digital fingerprint essential and possibly that part, if successful is part of the problem because that method can be employed again and not just in the US.

So is that all?

You see, this opens the door to the issue the FBI has been puzzling over for the better part of a decade. Home grown terrorism was always a worry, but the extent shown in San Bernardino gives view that part of all this remained under the radar of the FBI, which is the perception issue they have. They knew they had it, as they were trying to find options on how to deal with this, but in all this the reality is that perception is the only initial weapon a person have to counter the imagination of an extreme fanatic, yet is that enough and what else could there be?

It is not something that is easily answered. You see as FBI director Comey said, there are elements of evidence that will not make sense, but is that because the picture is distorted or is that because elements are missing. That is part of the puzzle that both the FBI and Homeland security are facing at present. This now gets us to the next perception, is this in part Lone wolf terrorism? The act here might not be, but the ‘support’ system behind this, is that part lone wolf terrorism? You see, part of these answers are not here yet and perhaps it will take a while for this to surface, but when we consider the pipe bombs we are also left with other questions. If this was a one way trip, why did the police find the dozen pipe bombs? KSNV, News3LV reports (at http://www.news3lv.com/content/news/story/12-pipe-bombs-thousands-of-ammo-found/sf3rLM0bzEWOxM3pBXLpZA.cspx), “Authorities have revealed 12 pipe bombs and more than 3,000 rounds of ammunition were found inside the San Bernardino suspect’s believed residence“, did they expect to start shooting, get away, go home and load up for the next round? You see, in all this perception is key. Now consider the elements that are required to buy and make these pipe bombs. Are you telling me that this does not get noticed? Well, apparently not. I can go to www.bulkammo.com and get myself 500 Rounds of 7.62x54r for the FN FAL for a mere $241, or $240 for 1000 rounds of 9 mm, which means that they had left for well over $750 in ammo at home. In addition, if they kept a certain lifestyle (spending), were no flags raised by the shifting of purchased goods? If we consider the other elements in play, where did the money come from? Perhaps his job allowed him to prepare to this extent, yet in all this questions come to the surface, a rational mind would expect that this was decently certain to be a one way trip, so why leave bombs and ammo at home? The part made no sense, unless they were not alone, perhaps another party was going to be in attendance but they bailed out at the last moment and as such this act was more hastily executed. It is mere speculation on my side, but that speculation comes from my own perception of the events seen. They could be very wrong!

You see that view is in opposition from the very last quote in the News3LV report “They were equipped and could have committed another shooting but we intercepted that“, did you really? Consider that the San Bernardino Police Department is a mere 3.5 miles away, at normal speed that is 10 minutes, at full speed and sirens no more than 3.5 minutes. That is all the time they would have had because there is an option that patrols are on scene, so getting back home was never truly realistic, so why leave it all there?

Were they head cases to begin with or is the FBI missing a few clues? Clues that David Chelsey is helping to muddy. Not by his choice, because he is representing his clients the best way he can, so I am not having a go at him in any way, shape or form. In addition, the weird act of their landlord to give the press access to their home is actually giving us additional questions. The house in the way it looked, was that how they lived? Did they never have guests and as such was the wife intentionally isolating her groomed co-shooter from the very beginning.

If that is the case, than how does the response from the family as voiced by David Chelsey make sense?

You see perception is an essential element, what we perceive, what others should have perceived and what the authorities perceive from all the data that they are receiving this very moment. How does it all fit?

At present it does not seem to fit at all, apart from the timetable and the fact that they either took no time at all for the ‘first’ shooting being able to get past South Waterman Avenue which then lead to the 4 hour manhunt. Again, this is not to place blame (in this case on the San Bernardino Police Department), but to get us to the question,  that as the shooting had passed, how did the couple expect to get back home to pick up more bombs and ammunition? I asked it before and with the added information you too should consider the thought on how they could have gotten back to their homes to load up for more? It merely gives us the question mark and the idea that this was likely never meant to be a party of two. If we accept that speculation we will get to the final question, who else was involved (were more people involved) and what comes next?

What is your perception on this case?

Leave a comment

Filed under Law, Media, Military, Politics