Tag Archives: FBI

May 10, 2017 · 16:42

Screwed either way

Some will remember James Comey, at present former Director of the FBI. In addition, we need to remember on how during the final parts of the election Hillary Clinton came under investigations regarding her handling of certain matters as Secretary of State. In my mind her chances went out the window as she had bungled the Benghazi affair in the most stupid way possible. From my point of view it could have gotten her at least a million extra votes if she had done that thing right. In that Case, the 16 votes for Michigan might have been Democratic, in addition, the 29 votes for Florida and 10 for Wisconsin could have sealed the deal as the differences were really low, no guarantee, but the limping to the finish line as some newspapers reported imply that those three would have been up for grabs at that point. Would it have been enough. Was James Comey the trigger that made it falter? It would be too speculative to say ‘Yes!’

Consider the extremely hostile environment of the US and their need to be ‘by the book’ to do it according to whatever rules they decide. The fact that Hillary Clinton did office work via private email and servers and then suddenly the materials cannot be produced. This means that she gets to do government work off the books, with every possibility to feed her personal needs. I am not saying she did, I am saying she could have done that and there will be no evidence to help prove it. My issue was with the Benghazi situation. Where we see: ‘State Department officials were later criticized for denying requests for additional security at the consulate prior to the attack. In her role as Secretary of State, Hillary Clinton subsequently took responsibility for the security lapses‘, which was almost the brunt of it, the fact that certain parties were not upfront about the issue and it took Freedom Of Information Act requests by the Republican National Committee to truly get things going publicly. From CNN and Politico we learn “a lack of cooperation from Obama administration officials and Secretary Clinton for the lack of progress“, certain parties were dragging their heels as the spokesperson had to admit that they were pretty much clueless on the situation, that level of ignorance got an US ambassador killed. It might have blown over, but with the death of an Ambassador it was no longer an option as the world would be watching. This issue, even as Clinton took the blame towards herself, would not clear her. She failed a position of high office and as such giving her an even higher position was a bit of a no-no. Consider that the request for additional security was denied, the next time around it could impact the security of a nation. The entire terrorist push, the billions on security are now the anchor that no party can ignore. Stating that there will be no danger could start the second civil war in the US as the intelligence and security services have been spending billions meant for welfare and education. In this we now see the issue that was brought to light later as “classified information ended up on the laptop of the disgraced former congressman Anthony Weiner“, now we get “Mr. Comey had told the Senate Judiciary Committee that during the F.B.I.’s investigation into Hillary Clinton’s use of a private email server while secretary of state, officers uncovered evidence that Mrs. Clinton’s aide, Huma Abedin, had “forwarded hundreds and thousands of emails, some of which contain classified information” to Mr. Weiner, her husband“, so an unqualified person forwarded from a private server mails to people who had no business getting the information. This is how nations are put into danger, this is how National Security falters. In this people want to protect the Clintons from being utter dicks in negating the need for security. In addition, the NY Times gives us the quote (at https://www.nytimes.com/2017/05/09/us/politics/comey-clinton-emails-testimony.html) “Our investigation determined that Ms. Abedin commonly forwarded emails to others who would print documents for her,” Gregory A. Brower, the assistant director in the F.B.I.’s Office of Congressional Affairs, wrote in a letter to the chairman of the Senate Judiciary Committee, Senator Charles E. Grassley of Iowa“, so not only is she stupid, she is commonly stupid? What other information went innocuously to indirect receivers at for example, Wall Street, or a friend in financial hardship? James Comey did what was requested from him as the news has shown in several times that House republicans requested the probe and now a Republican fires Comey for doing so.

The Guardian (at https://www.theguardian.com/us-news/2017/may/09/james-comey-fbi-fired-donald-trump), gives us: “Clinton partly blamed Comey’s letter in late October notifying Congress that the FBI was studying the emails on the laptop, for costing her the presidential election”, which sounds nice from her side, but when we realise that she allowed in principle for hundreds of classified mails to go unchecked via a third party to another person who should have no access at all. The fact that she is not in prison for gross negligence, or even on charges much worse is for her the smallest blessing in disguise”.

I will admit that there are issues on the Comey side too, yet again, when we realise that this was all in a timed situation during the running of the presidential election, and timed by republicans, there is one part that seems to stand out, as I see it, for the next 8 years, the republicans will not get any assistance that is a letter outside of the official brief request. The republicans have thrown away any options for small favours. Yet perhaps that might be their game, because as more and more people realise the dangers of the Financial Choice Act, it might be that James Comey was too much of an unknown straight shooter according to Wall Street. I wonder what friend of Wall Street will get to be appointed next. You think that my speculation is wrong? Perhaps it is, I just find it a little weird that a person who did his job in weird times, at request of the republicans, gets fired by that same group. Perhaps President Trump is merely throwing a fictive olive branch at the democrats, perhaps and more likely he was being misinformed by someone really liking someone else to be in that place. In my view there are issues on both sides, yet the direct clarity is that there has been a proven case that former Presidential runner Hillary Clinton was stupid in the way she did things and more stupid having an aide that had no office setup to properly print things, as well as knowingly share classified information with third parties. That part only came to light as the 52-year-old congressman decided to do some sexting with a 15 year old. Without that, it might not have come to light. The issue then becomes, who else, who should not be receiving any of it, ended up with classified information, who else came with: ‘shall I print that out for you?’ In this, the one support against the Wall Street Journal would be the quote “His probe of the former Secretary of State’s private email server is looking more like a kid-glove exercise with each new revelation“, which might not be incorrect, yet the election was in full swing, there was an issue that could constitute electoral fraud, which would be a big no-no to a lawyer like James Comey. He was pushed by the republicans in a hard place with no real solution. Yet in all this none of the papers stated at the headline the one part that mattered and remains unstated too often: ‘Hillary Clinton did this to herself!

There is one remaining side which we get from loyal republican Bill O’Reilly. He is illuminating it all without using the speculation I use (I am a blogger after all), we see: “Now, if you are Comey, you are basically taking copies of all your files, because if there is something wrong here – by wrong I mean, if Comey was doing his job, and now is fired because he was doing his job – Comey has got to get that out”, and there is more at https://www.billoreilly.com/b/OReilly-from-his-car-on-the-Firing-of-FBI-Director-James-Comey/662156856740165995.html. The issue is seen not by just me, but by several people, some of them scrutinising the FBI even more than I ever would, they state ‘Comey is fired because he was doing his job’, which is to many of us a real no-no, that whilst the Clinton gang goes on making loads of coin. The injustice is slightly more than I can stomach. So, as such I feel correct in my speculation, this was not about the Clinton mails, this is about making an FBI shake up for what comes next. It is done now because one additional quality win makes Comey almost untouchable and at that point too many people on the hill (that famous one in Washington DC) will ask a few more questions on both sides of the political isle. That is the part they have no worry about when the next one in the hot seat gets given the hot potato no one wants. It is a stretch on my side, I agree to that, yet with the loud noises that the Financial Choice Act is making and with groups and strong people in high places are now asking loudly what is wrong with the Republicans enabling Wall Street to this agree. As we see that consumers will lose more rights to defend themselves in these matters, having an FBI director with a strong moral compass is not something that the White House or the Senate might be comfortable with. I might be wrong here, and I likely am. Yet when you get fired for doing your job, more questions should be asked, especially as it is the position where one person has a goal to keep its citizens safe from several dangers. I hope you got that much at least.

 

Leave a comment

Filed under IT, Law, Military, Politics

Tagged as , , , , , , , , , , , , , , , , ,

April 28, 2017 · 11:59

The light of exposure

In France everything is going topsy turvy, we see people who claim to have no gains in any of it make certain that anybody is elected, except for Marine Le Pen, even the current President of France is on that boat, which is interesting as he is at present regarded as the biggest political failure since WW2. I myself would like to remain neutral, which is almost not possible as out of nowhere a former investment banker is suddenly the favourite runner with no real main political experience. The political marketing department might like the fact that he will be the youngest French President, which makes almost as much sense as it would be for me to take over the clandestine department of the CIA, with all those Korean challenges? I’m game!

Yet as I see it, Emmanuel Macron made a large blunder on LinkedIn as he wanted France to head all kinds of environmental and climate research, which sounds nice as the population at large is all about climate, but he seems to forget that France has a 2.25 trillion Euro debt to deal with and the current French President is leaving France in a dire, weakened and unhealthy state. Something that can not now, and not ever be cured by throwing money in anything but a growing economy move. Even I could have done better than that. Both players for the hefty seat will need to consider that a true quality investigation in the French healthcare system will be next on the list. It is at present regarded as one of the best, yet by 2019 their numbers will drastically change as France has one contributing element. As the retirement age has shifted by 2 years, there will be a spike in both physical and mental health care that will at that moment spike to different levels. France has the benefit of seeing how wrong inaction has left the British NHS close to death, and this is whilst the retirement age was at present not affected, so in France a think-tank will need to convene on a structured overhaul that does not leave a non working system in hands of consultants for 11 billion and at that point be a non-working system. The British Labour party left them with this example. If met with the proper adjustment, Huawei Technologies and Google could have optional solutions in theory before the end of 2018 and implemented 2 years later. The question becomes who will be the player and how will it be implemented. Questions that require serious consideration and in my view the youthful investment banker might not have the solution, in equal measure I am not certain whether Marine Le Pen will fit that bill either. Yet what has been shown is that the current president has made little effort towards that growing dilemma.

So why is Macron the bad choice? I am not sure he is, but the issues we have seen with investment bankers do not make me confident. Even as we should agree that he married the love of his life even though she is a few decades older, which implies that he does not care about the opinion of others gives the vibes that he is made of stern stuff, something the French people desperately need after one tour of Francois ‘the paperback’ Hollande (as I personally see it). Yet, what wrong has Emmanuel Macron done? That is the issue, for the mere reason that there is nothing that shows he had done anything but bend the law without breaking it in the Nestle acquisition deal. So basically, this proclaimed Mozart of Finance is getting soiled in soot for the mere title of being a former investment banker. That is as far as I can take it with reliable information. The Rothschild bank empire keeps it laundry hidden and dry, neither the NSA or the CIA has anything on them (FBI has nothing either). Whatever others can find is either hear say of overextended triviality. Again, as I personally see it the entire board of commissioners of PwC will be in jail long before Rothschild bankers get into the dock in court. I am happy, but unlikely to be wrong here.

Yet these elements are not the only ones in play. During the next French administration banks are moving their interests and their work environment all over the globe, France will see its share of new challenges. As the UK is dealing with Brexit and their set of new challenges, France will also deal with other issues. Even as both are not looking towards the frontiers of what will be possible with 5G, we will see new views on security and cyber issues, not just in the WiMAX and 5G environment, there will be additional dangers and risks with the new IBM hype word! As blockchain is heralded as a new solution, there are inherent risks with a system that has these abilities. Not just in managing the data, the attached data goes much further, there is the risk that any system has more than a mere ‘massive disintermediation of the financial system’. There is the risk that a hiatus in ‘non-repudiation’ could leave a dangerous leap in the ‘who done it’ realm where nobody can be held to account. The fact that blockchain has no form of regulations whatsoever will give French banking laws additional headaches down the line. This is not just assumption (well, it is a little), the Washington Post was all about ‘Russian hackers‘ in French elections. That does not prove that it is not so, there is merely a lack of concrete data evidence and the quote “the front-runner in France’s presidential race carried digital “fingerprints” similar to the suspected Russian hacking of the Democratic National Committee and others in the 2016 U.S. election” give food for thought. As present the cyber units cannot even get on par with the criminals, as blockchain evolves in all kinds of ‘personal’ dialects in every nation, we will witness a new level of data adjustment. This does not mean that blackchains are evil or that they are instigate criminal activities, the timing that blockchains bring just as the data traffic from 5G could sent a 500% data traffic spike from 2020 onwards through the global online cloud community leaves us with a boatload of issues and in that, France will have its share of issues to deal with, so as there might be opportunity, there is a more than equal risk of harmful dangers. Europe at large is not ready and in a lack of checks and balances, the dangers of another 2004 and 2008 investment collapse is not out of the question, especially as the laws are still not ready to deal with the recurring danger of a 2008 finance event. In this France is in too weak a condition (as is the UK by the way). So consider that if we relate this to the Bitcoin, its volatility is in its foundation the same volatility that blockchain could face, with a truckload of return on investment risks. In this we might consider that Macron is the better candidate, but I am not convinced, in this both are not great options, yet still better than the others. It almost a Churchill moment “Democracy is the worst form of government, except for all those other forms that have been tried“, we could replace the word Democracy with either ‘Blockchain’ ‘Emmanuel Macron’ and ‘Marine Le Pen’. Although in the first example, we would need to exchange ‘government’ with ‘data system’ as well. In this day and age governments can no longer keep up and until the spirit of the law gets clearly enforced the population of any nation is in trouble. In this danger is too harsh a word but there is a risk and the press at large has proven to be little or no help (apart from some actual newspapers, who are some help).

As France goes to vote there is little that I can offer to the voters, only that they need to know who and what they are voting for. They need to realise that their immediate choice is for themselves and their family. For some it is one candidate for others there is the other candidate. With France having an explosive growth in poverty, the social element seems the most pressing one, but its solution is in other elements not in solving poverty but in growing a dire economy, a dire situation grown by what I regard to be outsourcing and the bottom Euro of getting things done cheaply. It is that proper reform that herald change and options, which puts the initial premise in the hands of Marine Le Pen, yet no matter how her national pride is set, if she cannot build solutions she would be a one term president too. For Macron it seems simple in the way he talks and he talks like a salesperson, but in this he needs an engine to deliver on his promises, this is something he cannot walk away from, whether he realises it to the degree is not certain, his LinkedIn message made that clear.

So no matter where the exposure ends, there are dangers that all nations of Europe will face, the sudden ‘relaxed’ shift from Mario Draghi is making that clear (Source: Financial Times). I think that this temporary ease of situation is merely to ‘atone’ for French voters, I think that the message is a dangerous one. Several sources are talking on the dangers of joint bonds an in addition the fat that Reuters views that Mario Draghi could lose credibility is not a fab, it is a realistic danger which people seem to be dimming to low until after the French elections. This as I see it implies that there is heavy weather ahead. This is strictly my personal view, yet in that regard I have been correct a few times too many. See my other blog articles to compare on that regard. In this there is partial data, there is the claim that the IMF has dropped the pledge to resist all forms of protectionism. For me the issue whether they dropped it, or merely did not make mention of it. The result is very different and in this it is not just about clarity, it is about changing channels of commerce. It is more than a mere view of ‘good business is where you find it’ versus ‘we all should be allowed to do business’, which is the more direct issue that will impact France too. Even as I have an issue with the President Trump’s tax breaks, there is one sight that is adamant. The economies are now no longer in the hands of the fat cats of Wal-Mart and corporations alike, it is in the hands of small businesses and families in stores. They will reduce tensions on infrastructure pressures and make combined ripples in a starting wave of commerce. France is one of the more likely places to get that going, much more so that the UK at present. In this France’s biggest enemy is the French language.

When it overcomes that barrier, it could start a wave of trendsetting businesses from local to global, how it is done remains open to the people deciding walking that path, it will be a personal choice for all who endeavour that step, but they can get there, they just need the proper exposure and support.

 

Leave a comment

Filed under Finance, IT, Media, Politics

Tagged as , , , , , , , , , , , , , , , , , ,

March 26, 2017 · 15:30

Life in USA less healthy now

You might not have thought it, but did you realise that your life, if you are in the USA is as per direct a lot less healthy? Did you know you are now intentionally endangering your health? You did not, then read on and learn how you have thrown your healthy life away. In the LA Times (at http://www.latimes.com/business/la-fi-broadband-privacy-senate-20170323-story.html), we see ‘Senate votes to kill privacy rules meant to protect people’s sensitive data from their Internet providers‘, you might wonder how this is a danger to your life, but it is, and it will hurt your pocket too no less. The first part is “overturn tough new privacy rules for Internet service providers, employing a rarely used procedure to invalidate restrictions that cable and wireless companies strongly opposed“, now this is not the FBI or the CIA spying on you, this is the option for internet providers to sell your actions and your privacy driven information to whomever wants to buy it.

One quote from Sen. John Cornyn (R-Texas) was “The FCC privacy rules are just another example of burdensome rules that hurt more than they help”. Now, this is not just something that started now, to his credit, he has ALWAYS been on the commercial bandwagon, some of that goes back years where he questioned the White House on the way the FCC’s set-top box proposal came down and what role the White House had in that, and other, FCC decisions. He is clearly a man of less governmental oversight and that is his right. The issue becomes when TV and internet usage is sold to health care providers and on the consequence of what those people call the ‘weighted classification of couch potato‘, in that with the rise of health care premiums. This actually goes further than merely health care. The fact that app use and geographic data becomes available is equally a concern. There is a secondary situation, Companies can now go via consultancy firms and avoid issues with that pesky Employment discrimination law. You see, “the elimination of artificial, arbitrary, and unnecessary barriers to employment” can now be circumvented. People who are too often on Boston South Side, East LA, or the SF Mission district, the use of Geo data would allow for a percentage analyses of this GeoData, giving some people who had hit on hard times even less able to fight for a decent future. And let me be clear, any ISP denying that will be lying to you. The data will be part of something else, like where were you when a certain app was used, which might seem nice, but if they check all apps than that picture gets to be pretty complete.

The reality goes further than this. Even as you read this, MIT is making great strides (at http://bpp.mit.edu/offline-data-collection/). Yet when you read: “Daily price indices, monthly, and annual inflation rates for Argentina and the US. Monthly data with annual inflation rates for Argentina, Brazil, China, Germany, Japan, South Africa, UK, US, 3 US sectors, and global aggregates (including Eurozone). Daily PPP series for Argentina and Australia. The data were used in the paper titled “The Billion Prices Project: Using Online Data for Measurement and Research” – Journal of Economic Perspectives, 31(1) (Spring 2016)“, a serious question comes to mind. You see, once you have this data, you can go into collaboration phases, after which you could raise minimum prices on hundreds of articles. It might be cents, but that raises your monthly costs in dollars, whilst the maker now gets millions in addition. So, yes everybody loves big data, yet will it love you? You get the impression from “Daily prices for all goods sold by 7 large retailers in Latin America and the US: 2 in Argentina, 1 in Brazil, 1 in Chile, 1 in Colombia, 1 in Venezuela, and 4 in the US. Used in the paper titled “Scraped Data and Sticky Prices”“, you just wonder if it is such a weird concept. Now, from an academic point of view, it is an amazingly interesting project. So was Dynamite, which Alfred Nobel learned the hard way, had a few optional uses which he never considered. Data is in that regard a whole lot more dangerous.

The biggest joke in all this is not President Trump, it is actually the FCC puppet Ajit Pai, who was appointed by President Obama in May 2012, he stated that the rules threatened to confuse consumers as they were different to those imposed on web firms such as Google and Facebook. You see, as I see it Ajit Varadaraj Pai is stupid, but he is not stupid, you hearing me? Let me explain this. When a person looks at an advertisement, or seeks something like ‘Gaming Chairs’ at PC Case Gear. That person looks and decided not to buy, the person is just browsing. Now, as this person looks for other things or browses the internet and visits websites. This person gets to a site that uses advertisement spaces. Now for example, Google AdWords will show things that interest you, or things from places you visited. So, even as this person is just going to any place that has advertisement spaces, Google AdWords would possibly show that person ‘Gaming Chairs’ that PC Case Gear had on sale, and Facebook will do exactly the same. In all this, that persons actions and seeks would have remained private, the advertiser does not have my details. They will get general aggregated data, like the gender and the age of the visitor (age is set in an age range). At no time does the advertiser have my complete details. This is why it actually works, now that the ISP can sell my specific data, the issue changes. My details will now get out to third parties and their lack of any ethics (not that the ISP has any mind you) will now endanger us. Ajit Pai knows all this! And he is very happy to facilitate the need for greed, even if it endangers lives, because at some point in the near future it actually will. The health care data need will take care of that, meaning that when your child could not get healthcare, because his browser data indicated an unhealthy life, when he needs that Bypass and the healthcare provider got a little too needy, just remember the name Ajit Pai for the tombstone of your child. Let me explain this a little more clearly. The NCSL (National Conference of State Legislatures) gives us “Yet for those buying insurance on an exchange or private market plan for 2017, the average increase before subsidies was a shocking 25 percent” When we consider that the annual premium for an average family was up to $18,142 (I know, what a weird number), 25% is $4535.50, That is $378 a month, when was the last time you got a raise that allowed for such payments?, let me be frank, with 3 university degrees, I have NEVER received an annual increase that much, so as such, you lose either your healthcare or you lose your quality of life. What will you choose? So as junior is data mined as a little larger risk, your premium takes a hit and as you had to let go of healthcare, your child dies, with the compliments of Ajit Varadaraj Pai, so please send him a ‘thank you’ note, the FCC can be found in Washington DC.

You think I am exaggerating? This is the path the US was always on, exploitation to the max before the collapse. USA Today gives us “Sears and Kmart might not have enough money to stock their shelves” merely 3 days ago, it can no longer fuel its existence, that whilst its CEO grew his fortune by $1 billion last year alone. Forbes voiced it as: ‘Sears Suffers — Eddie Lampert Wins‘, now this is related, as places like Sears and Kmart will be vying for YOUR details, your browser history and your privacy and once they have your data, they will merge it and sell it via for example an Australian subsidiary to whomever will buy it, China for example. That is how your data will bounce around the planet, decreasing you and the value you have with every transfer deal made.

As I stated often in the past, I love big data, yet I know that there is an increased need for ethics on how it is collected, applied and moulded into a new base of information. The USA has shown that it is not able to keep any level of ethics in play, which sucks for Americans and it in equal measure sucks for anyone considering trusting an American company, that is, until the Europeans and others get on board on cashing in on data for sale. Consider one last thing, now, this is pure speculation and there is no evidence that this would happen, yet what happens when ISIS figures out what the parameters of a desperate person are? What happens when they mine this data to see who to approach for extremist actions? There is no way this could happen, could it?

 

Leave a comment

Filed under Finance, IT, Law, Media, Politics, Science

Tagged as , , , , , , , , , , , , , , , , , , , , , , , , ,

December 30, 2016 · 13:22

In speculated anticipation

This is on a matter that is slippery like a promiscuous nymphomaniac lady contemplating monogamy. In a world where any person next to you could be a pimp, a whore or merely psychotic. Welcome to the cold war! Merely a few hours ago, the Guardian gave us ‘Obama orders sanctions on Russia after campaign hacking during US election’ (at https://www.theguardian.com/us-news/2016/dec/29/barack-obama-sanctions-russia-election-hack). Now, we have known the CIA and other parties to be blatantly incorrect when it came to Sony and North Korea. Yet, here in this case, there are a few elements in play where it is indeed more likely than not that if there was real interference that Russia would have been guilty, involved or at the very least privy to the events. In this China is a lot less likely, because as business deals go, they are a lot better of with the Ignorance of former State Secretary Hillary Clinton, than they will ever be with President elect Donald Trump, so as the calling of garden grooming spades, the one turning the soil is overly likely to be the Russian side.

There was an earlier article referred to in this one, where we see: “He dodged whether Putin personally directed the operations but pointedly noted “not much happens in Russia without Vladimir Putin”“, which is actually incorrect. You see, and President Barack Obama know this to be an absolute truth is that deniability is essential in some operations. Yet, in this even as President Vladimir Putin would have been kept in the dark (likely by his own request), it is less likely that Sergey Kuzhugetovich Shoygu is involved, yet if the GRU was involved than Igor Korobov would know for sure. You see, the FSB is the second option, yet for those who have seen some of the reports that Darknet has regarding investigative journalist Andrei Soldatov gives at some parts the inclination that the FSB funding on more advanced cyber actions was lacking making the GRU the opponent of choice. This comes with the assumption from my side that less advanced equipment would have given US cyber sides a lot more data to show earlier that Russia was intervening with the elections. The reports of a group called Fancy Bear gives way to the technology they get access to and the places they can access them at. There is another piece that I have not been able to confirm, it is speculative and even as it gives base to giggles of all matters, it remains a speculation. It is said that Fancy Bear operatives have been able to work from North Stockholm, if so, they might have accessed the IBM backbone there, which has a massive amount of data pushing power. Giving way that the US gave powers to enable hacking of the US election system, live is just too cynical at times.

Another quote is also linked to this, but not from the cyber point of view. “Obama repeatedly weighed in on what he saw as increased polarization in the United States. “Over a third of Republican voters approve of Vladimir Putin, the former head of the KGB. Ronald Reagan would roll over in his grave. How did that happen?”“, in that my response would be ‘Well Mr President, if you had gotten of your ass and actually do things instead of politicising things. If you would have actually kept a budget and not push the US into 20 trillion of national debt people might be less on the fence for the other side, right?‘ There will be no reply because not only as this administration been close to useless, the actions of the last few days where the new electorate gets an agenda pushed down its throat where a clear cooperation with terrorist organisations is seen is plenty of food for thought, yet that rave needs to seize as it does not completely apply to the case at hand!

There are however other matters for concern “In a conference call with reporters, senior White House officials said its actions were a necessary response to “very disturbing Russian threats to US national security”“, which beckons three things:

1. Why was it a conference call and not on every video or a live presentation?
2. Wow long has this been actually known?
3. Where is the actual evidence?

Like Sony, like other parts, the press wants to see evidence and NONE has been presented. No station, as far as I have been able to tell has shown any schematic on how the election could have been tampered with evidence. There are hundreds of anti-Clinton and anti-Trump conspiracy theorist videos, yet none form any reputable news channel. Which also now gives voice to the thought whether the US intelligence branch in this administration has been the biggest joke ever (North Korean accusations et al).

Still in all this, the US is pushing for a cold war, which might not be the worst thing, yet as the US is to be regarded as bankrupt, the upgrades that will involve a data centre and 4-6 billion in equipment and resources is something there will be no room for any day soon.

So what is this about? Is this about the Democrats being really sore losers? I am not sure what to think, yet the entire approach via conference calls, no presentation of evidence, there are a few too many issues here. In addition, if there was evidence, do you not think that President Obama would present it, to show at least that he is capable of publicly smiting President Putin? Let’s face it, he does need to brownie points. Yet, in light of some evidence not shown, the actions at the 11th hour, are they a sign that the Democratic Party will be relying on act that some could regard as Malfeasance in office? Of course these people will not need to give a second thought as they will be removed from office in a few weeks, yet to leave open the next public officials to added pressures to clean up not just their last 8 years of action, but in addition acts of impeding elected officials could have long term consequences. Let’s not forget that the Republican Party starts with both a Republican Senate and Congress, as well as their guy in the White House, so if the Democratic Party wants anything to happen, being nice is pretty much their only option.

In addition, when we look at the US recount (at https://www.theguardian.com/us-news/2016/dec/28/election-recount-hacking-voting-machines), we see first off ‘US recounts find no evidence of hacking in Trump win but reveal vulnerabilities‘, in addition we see “In Wisconsin, the only state where the recount was finished, Trump’s victory increased by 131 votes, while in Michigan, where 22 of 83 counties had a full or partial recount, incomplete data suggests was a net change of 1,651 votes, “but no evidence of an attack”“, which is not amounting to evidence in total, we do see that two places were not intervened with, still the system is setting the pace that there are future concerns. The message ““We didn’t conclude that hacking didn’t happen,” he told the Guardian, but “based on the little evidence we have, it is less likely that hacking influenced the outcome of the election” does clearly state that hacking did not happen, it is given with some clarity that any hacking if it happened, that the outcome was not influenced by hacking. This now gives rising concerns to James Comey and what is happening on his watch. More important, the responses that the Guardian had (at https://www.theguardian.com/technology/2016/dec/29/fbi-dhs-russian-hacking-report) where we see “The report was criticized by security experts, who said it lacked depth and came too late” as well as “Jonathan Zdziarski, a highly regarded security researcher, compared the joint action report to a child’s activity center“, which is not the first time we see it. More important is the quote “Tom Killalea, former vice-president of security at Amazon and a Capital One board member, wrote: “Russian attack on DNC similar to so many other attacks in past 15yrs. Big question: Why such poor incident response?”” is exactly the issue I had in the initial minute of the information being read by me and that is not the only part of it. The fact that the involved parties seem to be lacking more and more in advising actions as well as a clear cyber security pathway (the Clinton private mail server issues) that is correctly enforced and checked upon. The utter lack of proper ‘Common Cyber Sense‘ as seen for close to a decade at present all over official and governmental US is cause for a large amount of problems, yet the amount of evidence produced that there actually was Russian Cyber actions into changing the election results have not been brought and was brought was done in a very unconvincing way, in a way that top people had deniability of involvement in fingering the Russians. The PDF reads like something less serious in a few ways. You see, the techniques described are not wrong, but it leaves it open to who was the participating party. It could have been mere private hackers, the Russian Mafia is also a cyber-player. The fact that alleged actions from summer 2015 are only now coming into the light.  Is that not equally strange? By the way, the fact that Russian intelligence would try to ‘visit’ the files of the US Democratic Party is not that weird. Is there any indication that NSA, GCHQ and ANSSI would not have been accessing (or trying to) the United Russian party servers for intelligence is equally silly! Neither shows intent to influence an election. Let’s face it, Benghazi was a large enough mess to sway the vote in the first place and US insiders were all too happy to leak information, the Russian merely had to sit back, laugh and drink Vodka. In addition, the fact that malware was on the systems in not in question, it happens too often in too many places, yet clear evidence that APT28 or APT29 were the culprits implies router information, router data and clear information on when EXACTLY is happened (summer 2015 is a little too wide). More important, this also implies that proper malware defence was NEVER in place, so how shallow do these people want to get?

From page 8 we start seeing the true ability of the intelligence to envelope themselves into the realm of comedy. Items like ‘Update and patch production servers regularly‘ and ‘Use and configure available firewalls to block attacks‘ as well as ‘Perform regular audits of transaction logs for suspicious activity‘, these events should have been taking place for a long time, the fact that registered events from 2015 and now show that these mitigation elements are mentioned imply the fact that IT reorganisation has been essential is a larger issue and heavy on comedy if that has been absent for 2+ years. I think negligence becomes a topic of discussion at that point. The least stated on ‘Permissions, Privileges, and Access Controls‘ the better, especially if they haven’t been in place. So in retrospect, not having any ‘evidence’ published might have been better for the Democratic Party and especially for James B. Comey and Jeh Johnson. The main reason is that these events will have a longer term implications and certain parties will start asking questions, if they don’t, those people might end up have to answer a few questions as well.

In that regard the Guardian quote “The question hasn’t even been asked: ‘Did you take basic measures to protect the data that was on there?’“, a question that seems basic and was basically voiced by Sean Spicer on CNN. The fact that according to 17 intelligence agencies agree (as quoted by CNN), brings worry to those agreeing and the laughable bad quality PDF that was released. Consider that we are seeing the reaction of unanimous agreed intelligence without any clear presented evidence, actual evidence, so what are they agreeing on? As stated by Sean Spicer in the CNN interview, the burden of proof is on the intelligence community. Especially as there is an implied lack of due diligence of the Democratic National Committee to secure their IT systems. The fact that the implied lack of diligence should give view to the fact that there are plenty of American citizens that are anti democrats in the US alone to give worry on WHO have been jogging through the DNC servers.

A view that seems to have been overlooked by plenty of people as well.

In the act of anticipated speculation we should speculate that proper presentation of the evidence will be forthcoming. The presentation on a level that will give a positive response from security experts will be a lot to ask for, yet in all this, you should be asking yourself the one question that does matter, it is possible that the FBI got it wrong three times in a row? If so, in how much trouble is Cyber America?

 

Leave a comment

Filed under IT, Law, Media, Military, Politics

Tagged as , , , , , , , , , , , , , , , , , , , , , , , ,

November 4, 2016 · 14:24

A leaky Cauldron is a just sif!

Well, as we are moving into the final days of President Obama, we get to see one more rodeo of entertainment, amusement and comedy. You see the headline ‘Barack Obama delivers stinging critique of FBI: ‘We don’t operate on leaks’‘, we can argue that they actually do, or we can howl with laughter, because for the most, the Obama administration created leaks, it did close to nothing to do something about it that would actually work. For one, here is a quote from thinkprogress.org. It is from August 7th 2015: “Congress’s Cybersecurity Plan Has Some Major Flaws“, this is in his second presidency and we see Congress not being even close to resolving essential issues that should have been addressed well before 2008. This level of inaccuracy (read: incompetence) is shown in “Civil liberties groups including the Electronic Freedom Foundation (EFF), New America, and American Civil Liberties Union (ACLU) urged the public to call their senators to persuade them to vote against, what even the Department of Homeland Security has deemed, a flawed bill with more than 20 proposed amendments“. So an issue where the ACLU and the DHS are on the same page, even when taking decent amounts of LSD, the world would still seem more logical, when ACLU and DHS are on the same page, the matter is a lot more critical than some make it out to be.

When we look back to 2013, when Robert Gates, the former Defence Secretary, reveals in his book ““reveals the depth of Mr. Obama’s concerns over leaks of classified information to news outlets, noting that within his first month in office, the new president said he wanted a criminal investigation into disclosures on Iran policy published by The New York Times.”“, we see that President Obama, knows all about leaks, they were at the centre of his core for two terms, so when we see again and again that the ball was dropped, what does that state about the president and his administration that keeps on twisting their ‘cyber’ thumbs?

Yet in all this, it was the Guardian who gave us (at https://www.theguardian.com/us-news/2016/nov/03/fbi-leaks-hillary-clinton-james-comey-donald-trump) an essential issue “Even some congressional Republicans, no friends to Clinton, have expressed discomfort with Comey’s last-minute insertion of the bureau into the election“, apart from what I discussed in my blog ‘As messages pass by‘ two days ago, there is one other part that must be mentioned in all fairness, because this is about the situation, not about anti-Clinton rants. The quotes are “As The Post’s Sari Horwitz reported on Saturday, “a largely conservative investigative corps” in the bureau was “complaining privately that Comey should have tried harder to make a case” against Clinton“, as well as “Rep. Jason Chaffetz (R-Utah), chair of the Oversight Committee, quickly tweeted news of Comey’s letter Friday and stated: “Case reopened.” This is not what Comey said (and technically the Clinton case was never closed). But many in the media bought Chaffetz’s hype, especially in early accounts. That’s what happens when an FBI director hands an explosive but muddled letter to a Republican-led Congress. In fact, Chaffetz had already made clear that if Clinton wins, the GOP’s top priority will be to keep the Clinton investigative machine rolling“, which came from https://www.washingtonpost.com/opinions/comey-gives-in-to-shameful-partisanship/2016/10/30/c31c714a-9ed8-11e6-8d63-3e0a660f1f04_story.html and this clearly shows two elements. One is that the republicans via Congressman Jason Chaffetz, Republican from Utah pushed. For those who think that this doesn’t matter, consider the following which we get from the FBI Website (at https://www.fbi.gov/about/faqs ). “Who monitors or oversees the FBI? The FBI’s activities are closely and regularly scrutinized by a variety of entities. Congress—through several oversight committees in the Senate and House—reviews the FBI’s budget appropriations, programs, and selected investigations. The results of FBI investigations are often reviewed by the judicial system during court proceedings…“, so when Congress pushes the FBI, it has bearing and impact (although ‘bearing’ would be allegedly). So whilst the media is going all out against Director James B. Comey, can we agree that Congress was pushing and in addition, the fact remains that Hillary Clinton could still up ending to be regarded as criminally negligent.

Now that last accusation needs explaining, and funnily enough, for the most, we all have that evidence. Those who have a job, ask yourself how many bosses allow you to do company business using your private emails? There are plenty of companies that such an action, seen as a transgression that could result in immediate dismissal and that isn’t even high dangerous secretive information. Now consider that as Secretary of State, Hillary Clinton submitted over 20 top secret issues via private email, in addition, the emails went to the laptop of a previous employee, basically giving classified information to a non-authorized person. The fact that she ends up not being prosecuted is a little weird to say the least. Yet, I discussed that in an earlier blog, the link remains because the issues are linked.

What is important now is that the media at large had access to more information that I had (or so they think), and they kept you, the reader in the dark. The bias against Donald Trump is THAT intense. Now, personally, I think that Donald Trump is as dangerous as a baboon on XTC, which is an issue as this primate is merely dangerous and lethal in the most docile of times. Its teeth rip through your flesh and bones in one bite. I’ll be honest, Baboons scare me, not because of what they do (they are equipped to protect, not to hunt people), they are highly intelligent, yet when cornered they can be the most dangerous animal you will face in a lifetime. Making my correlation with Donald Trump a lot more accurate than even I bargained for. His latest actions known as ‘Donald Trump’s Impeachment Threat‘ (at http://www.nytimes.com/2016/11/04/opinion/donald-trumps-impeachment-threat.html), when we see “they may well seek to impeach Hillary Clinton if she wins, or, short of that, tie her up with endless investigations and other delaying tactics“, the Democratic Party is seeing the result of President Obama’s bad presidency. The result and fallout of Benghazi, the mail issues with the Clintons and a few other matter. As stated, Congress gets to push the FBI and it is a republican congress. There is a little too much realism in the quote “Mrs. Clinton won’t be able to govern, because we won’t let her. So don’t waste your vote on her. Vote for us“, because her promise to do something about the economy will fall flat for at least 2 years. In addition, there are other matters that play, matters that involve the non-committal towards Common Cyber Sense and with the alleged Cyber-attacks from Russia (I am calling them alleged, because no clear evidence is in existence, yet clear reliable speculative data that pushes towards Russian involvement cannot be denied, not even by me), we see that Russia is instigating another cold war, one that America is unlikely to win makes the Democratic position even more weak. Even if we all admit that it is too unlikely for Russia to win this, it will work as an anchor on the US economy, so the next president has that to worry about too.

So as we are confronted with the Cyber issues at hand, in light of the extreme negligence that Hillary Clinton has shown to have, we see certain markers that weigh down on the positivity of her campaign. This might be the first election where the third party had a decent shot of winning, isn’t it a shame that Reverend Jesse Jackson wasn’t running? I reckon that unlike 1984 and 1988, he actually would have had a chance this time around, when we are brooding on which of the two is the lesser of two evils, the third player o gets be an actual contender #ThatsJustMe, wasn’t it funny that he of all people that showed up in Detroit yesterday after which he praised Donald Trump for his commitment of Diversity. Although from the news we have seen, I have to wonder if ‘diversity’ was about the sizes and shapes of breasts. I just had to get that of my chest, #Pardonemoi.

In all this, the media themselves are also a worry as they are pushing the people with outdated information. An example is the Business Insider only 2 hours ago. The article (at http://www.businessinsider.com.au/hillary-clinton-new-emails-found-fbi-2016-11), gives us “The FBI says it found new emails related to Hillary Clinton’s time as secretary of state, CBS News reported on Thursday. It is not known whether the emails are relevant to a case involving Clinton’s private email server, the network said, but the messages do not appear to be duplicates of emails the agency has already reviewed, according to an unnamed US official cited by CBS News“, the article was given the date and identity ‘Bryan Logan Nov 4th, 2016, 11:12 AM‘, yet when we look at the CBS article “In a letter to Congress last Friday, FBI Director James Comey indicated that the agency was taking steps to review newly discovered emails relating to Clinton’s private email server. Those emails came from the laptop of Weiner, a former New York congressman“, which was what I reported on 5 days ago, which came from CNBC on October 29th. So, as the Business Insider is intentionally misinforming the people. So, can we agree that the Media could now be regarded as ‘tempering’ with elections by misinforming the public? Even as we see these events evolve, we need to take heed that Donald Trump is the kind of man that large media corporations do not mind to be indebted to. Because his next crazy idea that pays off, these people will be knocking for exclusives, so when you think that you are getting informed, think again! The article never ‘lies’, it just trivialises older news and gives only part of the complete timestamp on other sides, leaving us with the message that Hillary Clinton has more eventful issues, instead of us getting the correct information that Business Insider is just rehashing old news, to get a few more cycles out of it. How is that not tempering with the view of the voters?

 

Leave a comment

Filed under Media, Politics

Tagged as , , , , , , , , , , , , , , , , , , , , , , , , ,

October 8, 2016 · 14:26

What did I say?

Last night I got a news push from the Washington Post. It took me more than a second to let the news sink in. You see, I have been advocating Common Cyber Sense for a while and apart from the odd General being ignorant beyond belief, I expected for the most that certain players in the SIGINT game would have their ducks in a row. Yet, the opposite seems to be true when we see ‘NSA contractor charged with stealing top secret data‘ (at https://www.washingtonpost.com/world/national-security/government-contractor-arrested-for-stealing-top-secret-data/2016/10/05/99eeb62a-8b19-11e6-875e-2c1bfe943b66_story.html), the evidence becomes blatantly obvious that matters in the SIGINT industry are nowhere near as acceptable as we think they are. The quote “Harold Thomas Martin III, 51, who did technology work for Booz Allen Hamilton, was charged with theft of government property and unauthorized removal and retention of classified materials, authorities said. According to two U.S. officials familiar with the case, he is suspected of “hoarding” classified materials going back as far as a decade in his house and car, and the recent leak of the hacking tools tipped investigators to what he was doing“, so between the lines we read that it took a mistake after a decade for the investigators to find out? No wonder the NSA is now afraid of the PLA Cyber Division!

In this light, not only do I get to tell you ‘I told you so‘, I need to show you a quote from July 1st 2013, where I wrote “So if we consider the digital version, and consider that most intelligence organisations use Security Enhanced Unix servers, then just accessing these documents without others knowing this is pretty much a ‘no no’. EVEN if he had access, there would be a log, and as such there is also a mention if that document was copied in any way. It is not impossible to get a hold of this, but with each document, his chance of getting caught grows quicker and quicker“, so I questioned elements of the Edward Snowden case, because my knowledge of Security Enhanced Unix servers, which is actually an NSA ‘invention’, now it seems to become more and more obvious that the NSA has no flipping clue what is going on their servers. They seem to be unaware of what gets moved and more important, if the NSA has any cloud coverage, there is with this new case enough doubt to voice the concern that the NSA has no quality control on its systems or who gets to see data, and with the involvement of a second Booz Allen Hamilton employee, the issue becomes, have they opened up the NSA systems for their opponents (the PLA Cyber division being the most likely candidate) to currently be in possession of a copy of all their data?

If you think I am exaggerating, then realise that two people syphoned off terabytes of data for the term of a decade, and even after Snowden became visible, Harold Thomas Martin III was able to continue this for an additional 3 years, giving ample worry that the NSA needs to be thoroughly sanitised. More important, the unique position the NSA had should now be considered a clear and present danger to the security of the United States. I think it is sad and not irony that the NSA became its own worst enemy.

This is seen not in just the fact that Harold Thomas Martin III moved top secret data home, whilst he was at work a mere FSB or PLA intern could just jimmy the front door and copy all the USB devices. So basically he was potentially giving away data on Extremely Low Frequency (ELF) systems, which would be nice for the PLA Cyber Unit(s), as they did not have the capacity to create this themselves. So whilst they were accused for allegedly trying to get a hold of data on the laptop of Commerce Secretary Carlos Gutierrez (2008), they possibly laughed as they were just climbing into a window and taking all day to copy all the sweet classified data in the land (presumption, not a given fact). So he in equal measure pissed off the US, India and Russia. What a lovely day that must have been. In that regard, the Affidavit of Special Agent Jeremy Bucalo almost reads like a ‘love story’. With statements like “knowingly converted to his own use, or the use of another, property of the United States valued in excess of $1,000“. Can we all agree that although essential and correct, the affidavit reads like a joke? I mean that with no disrespect to the FBI, or the Special agent. I meant that in regard to the required personal viewed text: “Harold Thomas Martin III, has knowingly and intentionally endangered the safety and security of the United States, by placing top secret information and its multi-billion dollar value in unmonitored locations“, I do feel that there is a truth in the quote “The FBI’s Behavioural Analysis Unit is working on a psychological assessment, officials said. “This definitely is different” from other leak cases, one U.S. official said. “That’s why it’s taking us awhile to figure it out.”“. It is my personal view that I agree with this, I agree because I think I speculatively figured out the puzzle. He was a reservist, Reserve Navy and a Lieutenant at 51. So the Navy might not see him as ‘full’ or ‘equal’, this might have been his way, to read these documents at night, knowing that they will never have this level of clearance for such an amount of Top Secret information. With every additional document he would feel more in par with Naval Captains and Admirals, he would feel above all the others and if there was ever a conversation with people who did know, he had the option to leave the slightest hint that he was on that level, perhaps stating that he was also an NSA contractor. He star would suddenly be high with Commanders and higher. It is a personal speculation into the mind of Harold Thomas Martin III.

When we look at 18 U.S. Code Chapter 115 – TREASON, SEDITION, AND SUBVERSIVE ACTIVITIES. We see at paragraph 2381 “Whoever, owing allegiance to the United States, levies war against them or adheres to their enemies, giving them aid and comfort within the United States or elsewhere, is guilty of treason and shall suffer death, or shall be imprisoned not less than five years and fined under this title but not less than $10,000; and shall be incapable of holding any office under the United States“, now if we see the following elements ‘giving them aid and comfort within the United States‘ and the other elements are clearly stated as ‘or’ a case of treason could be made. In my view a person like that was guilty of treason the moment Top Secret materials were removed or copied from there assigned location and without proper clearance moved to an unsecure location. As an IT person Harold Thomas Martin III should have known better, there is no case of presumption of innocence. The fact that I made a case that he might have a mental issues does not mitigate it in any way, to do this in excess of a decade and even more insidious to do this for years after Edward Snowden got found out is also matter of concern.

The NSA has a sizeable problem, not just because of these two individuals, but because their servers should have has a massive upgrade years ago, in addition, the fact that contractors got away with all this is in equal measure even more insulting to a failing NSA. I can only hope that GCHQ has its ducks properly in a row, because they have had 3 years to overhaul their system (so tempted to put an exclamation mark here). You see, we have all known that for pretty much all of us, our value is now data. No longer people, or technologies, but data and to see 2 cases at the NSA, what was once so secret that even the KGB remained clueless is now, what we should regard as a debatable place. This should really hurt in the hearts of those who have faithfully served its corridors in the past and even today. In addition, the issues raised around 2005 by the CIA and other agencies regarding the reliability of contractors is now a wide open field, because those opposing it and those blocking data integration are proven correctly.

This now gets us to a linked matter. You see, it is not just the fact that the government is trailing in this field, because that has been an eternal issue. The issue is that these systems, due to the likes of Harold Thomas Martin III and Edward Snowden could be in danger of intrusions by organised crime.

For those thinking that I am nuts (on the road to becoming a Mars bar), to them I need to raise the issue of USB security, an issue raised by Wired Magazine in 2014. The fact that the USB is not just used to get data out, if malware was added to the stick, if it was custom enough, many malware systems might not pick up on it and that means that whomever got into the house, they could have added software, so that on the next run to copy a project, the system might have been opened up to other events. There is no way to prove that this happened, yet the fact remains that this is possible and the additional fact that this was happening for over 10 years is equally disturbing, because it means that the NSA monitoring systems are inadequate to spot unauthorised activities. These elements have at present all been proven, so there.

I think it is time for TRUSIX to convene again and consider another path, a path where USB sticks get a very different formatting and that its embedded encryption require the user, the location and the hardware id to be encrypted within the stick, in addition the stocks need to work with a native encryption mode that does not allow off site usage. Perhaps this is already happening, yet it was possible for Judas tainted Highwayman Harold to walk away with the goods, so something is not working at present. I am amazed that a system like that was not in place for the longest of times. I certainly hope that Director Robert Hannigan at GCHQ has been convening with his technology directors. In addition that there are some from Oxford and some from Cambridge, so that their natural aversion to the other, will bring a more competitive product with higher quality, which would serve all of GCHQ. #JustSaying

The one part where this will have an impact is the election, because this has been happening during an entire Democratic administration, so that will look massively sloppy in the eyes of pretty much every one, too bad Benghazi emails were not left that much under the radar, because that could have helped the Clinton election campaign immensely. Still, there are technology and resource issues. The fact that Booz Allen Hamilton gets mentioned again is unfortunate, yet this should only be a partial focus as they have 22,000 employees, so statistically speaking the number of transgressions is in that regard insignificant. What is significant is how these two got vetted and passed all their clearances. In addition to this there is the issue of operation centres. You see, if there has been data breaches, have there been system breaches? The question derives directly from the fact that data was taken off site and there were no flags or alerts for a decade. So at this point the valid question becomes whether NSOC and NTOC have similar flaws, which now places US Homeland Security in speculated direct data dangers. My consideration in this regard came from earlier mentions in this article. If any US opponent has a clue in this regard, what would be the repercussions, in addition, the question (due to my admitted ignorance) would be, did Edward Snowden have any knowledge of Harold Thomas Martin III, if so, was this revealed in any conversation Snowden would have had with a member of the FSB (there is absolutely no doubt that they had a ‘conversation’ with Edward Snowden whilst he was in sunny Moscow. If so, what data dangers is Homeland Security facing? If data was copied, it is not impossible that data was moved. If that has happened, any data event with any specific flag?

Now the next example is purely fictional!

What if conditionally an <!important> (or whatever flag the NSA uses in their data sets) was added or removed? If it was used to give weight to certain data observations, like a cleaning pass, the pass would either be useless, or misdirecting. All possible just because Harold Thomas Martin III had to ‘satisfy’ his ego. This is not whether it happened or not, this is about whether it was possible, which would give added voice to the NSA issues in play and the reliability of data. This is a clear issue when we consider that false journalistic stories give way to doubt anything the journalist has written, any issue with a prosecutor and all those cases need reviewing, so do you think it is any different for IT people who have blatantly disregarded data security issues? This is not some Market Researcher who faked response data, this is collected data which would have been intervened with, endangering the people these systems should protect. As stated, this is speculative, but there is a reality in all this, so the NSA will need to sanitise data and sources from the last 10 years. There is no telling what they will dig up. For me it is interesting to see this regarding Snowden, because I had my issues with him and how he just got data away from there. Now there is a chance that the NSA gets to rename their servers to NSA_Siff_01 to NSA_Siff_nn, wouldn’t that be the rudest wake up call for them? I reckon they forgot the old rules, the one being that technology moves at the speed of your fastest employee + 1 and the human ego remain the most dangerous opponent when it involves security procedures.

 

 

Leave a comment

Filed under IT, Law, Media, Military, Politics

Tagged as , , , , , , , , , , , , , , , , , , , , , , , , , , ,

September 26, 2016 · 13:14

The name of the sponsor

The article that was in the Guardian on Friday, gives us a few issues. You see, I have been looking at several issues in the tech world and I overlooked this one (there is only so much reading that can be done in a 24 hour range and it is a big planet). You see the article ‘Yahoo faces questions after hack of half a billion accounts’ (at https://www.theguardian.com/technology/2016/sep/23/yahoo-questinos-hack-researchers) gives us the goods from the very beginning. The quote “Yahoo’s admission that the personal data of half a billion users has been stolen by “state-sponsored” hackers leaves pressing questions unanswered, according to security researchers“, is one I would go with ‘and the evidence?‘, which gives us all kinds of related connections. The quote “Jeremiah Grossman, head of security strategy at infosec firm SentinelOne, said: “While we know the information was stolen in late 2014, we don’t have any indication as to when Yahoo first learned about this breach. This is an important detail in the story.”” is only one of a few issues at the heart of the matter. You see, when we look at the issues that are the plague of these start-up firms (Yahoo and Sony), we should think that they are start-up firms or they are massively negligent. In both cases their routers allowed for the transfer of massive amounts of data. As they are the same size in start-up (sorry, sarcasm prevails), we need to wonder how a few hundred million packages fall between the cracks of vision of whatever security element their IT has. We could wait until someone states that there is no security on that level and the race is truly on then!

This whilst additional support as seen stated by Chris Hodson, EMEA chief information security officer at enterprise security firm Zscaler, when we read: ““With no technical details included in Yahoo’s report about how the data was exfiltrated, just that it was, it’s impossible to assess credibility of the ‘state sponsored’ claim“, a statement I agree, but in addition, I also wonder why we aren’t seeing any reference or initial response from the FBI that this was from North Korea. It fits the time frame doesn’t it? First a dry run on Yahoo and the actual heist was Sony. Or perhaps some players are figuring out that North Korea was never an element and that someone clever enough found a flaw and hit both Yahoo and Sony. The quote “both from the date of the hack, almost two years ago, and from the first appearance of the dumped data on the dark web almost two months ago where it was being sold by a user named “Peace of Mind””, the speculation comes to mind: ‘perhaps this person is the second owner and this person is reselling acquired data’, which would make sense in several capitalisic ways. The article also enlightens what I believe to be a callous approach to security: “The breach also highlights a strong problem with “security questions”, the common practice of letting users reset passwords by answering questions about their first house or mother’s maiden name. Yahoo did not encrypt all the security questions it stored, and so some are readable in plaintext. While it may be irritating to have to change a stolen password, it is somewhat worse to have to change a stolen mother’s maiden name.” The insensitive disregard is clear when the security question is not encrypted and mum’s maiden name is given in plain text, adding to the personal data the thieves borrowed (long-term). Now, we know that there are in these situations several questions, and not all are really about privacy sensitive based data (like a favourite pet), but consider the 2013 movie ‘Now You See Me‘ Consider the dialogue in the New Orleans Show scene:

Jack Wilder: How could we, Art? We don’t have your password.
Henley Reeves: We’d need access to information we could never get our hands on.
Daniel Atlas: Yes, security questions, for instance, like, I don’t know, your mother’s maiden name or the name of your first pet.
Merritt McKinney: Where would we get that information, Art? You certainly would never tell us.

A movie gives us the danger to our goods a year before this data is stolen and nobody presses the alarm bell? The only part that would be even funnier if this was a Sony movie, but no, it was Summit Entertainment who brought this gemstone! Now, we know that life is not a movie, yet the fact that this part is stored as plain text, perhaps not the best solution! In addition as IT developers tend to be lazy, how many other firms, especially those who are a lot smaller, how are they storing this data? Also in plain text?

You see, I have seen parts of this issue too often. Too many firms have no real grasp of non-repudiation and go through the motions so that they seem (read: present themselves) to be about security, yet not really security driven. Because if the client doesn’t want it (many are too lazy), they have opted for it and they are in the clear. Yet when we see that the security questions are in plain text, questions should be asked, very serious questions I might add!

There is one more side to all this, the Guardian raises it with: “what happens to the company’s multi-billion dollar merger with Verizon now? Kevin Cunningham, president and founder at identity company SailPoint, argues that the breach should already be priced in“, we then see the issues of thoroughness raised from Verizon, but in all this, the data theft does not makes sense. You see, if my speculation is true and “Peace of Mind” is the first sales iteration, was this ID the only customer? If so, how come that the sale took this long, the timeout between the event in 2014 and the optional sale a few months ago is weird, as accounts change so quickly, the power and value is in quick sales. To put it in perspective, selling the data to 10 people for a total of 5% of the value is safer then awaiting for one person getting 70% of the value 90 days later. This is a movers and shakers world, the 90 day person is a perhaps and these people are about the ‘cash now’. The market stall people! So in this an 800 day customer implies that there might have been ulterior reasons. Which one(s) I can only speculate on, and I prefer not to do that at present. Now, in that side, it is of course possible that this was ‘state-sponsored’ and it was sold on to keep the wolves at bay, but that too is speculation with absolutely no data to back the speculation up.

Verizon might have taken a calculated level of risk in acquiring Yahoo, yet if the data transgression was never divulged, would this be a case of fraud? The US has the “benefit of bargain” rule, so there could be a decent case of represented and actual value. In addition if we allow for Special damages from a legally recognizable injury to be held to be the cause of that injury, with the damage amounts to specificity. If the data theft would have been known, the value of the firm would have been a lot lower.

Unless this was clearly disclosed to Verizon (I actually do not know), Verizon might have a case, which would be disastrous for Yahoo.

If we consider the news from July at NBC (at http://www.cnbc.com/2016/07/25/verizon-to-acquire-yahoo.html), the setting is not just “Microsoft, Yahoo and AOL lag far behind and have lost market share“, there is no guarantee that those hit by the hack will remain in their Yahoo setting. Google has made it far too easy for people to switch over. The effort made in the past to transfer towards Google could inspire those people to switch to Google, import their mails and start with little or no loss at all. Which means that it is not impossible that Verizon after the merger remains a one digit digital marketing group, something I feel certain Verizon never counted on.

So where is this going?

There are two sides to this, not only is this about cyber security, or the lack thereof. The fact that Verizon has no unlimited data and those with Yahoo accounts who had them will now see their prices go up by a lot (when is this not about money?). Verizon has a 100GB shared option at $450 a month, which is beyond ridiculous. In Australia, iiNet (an excellent provider) offers 250GB for $60 a month and in the UK British Telecom offers a similar plan for no more than £21 a month (which is about $35), considering that BT is not the cheapest on the block, I have to wonder how Verizon will continue, when people have to switch, because their music apps (radio and so on) drain their data account at 6-8GB per day (a harsh lesson a friend of mine learned). Meaning that Verizon is actually a disservice to open internet and free speech. As I see it, free speech is only free if the listener isn’t charged for listening, or better stated, when certain solutions are locked to be not via Wi-Fi, meaning charged via bandwidth. So the accounts were one side, the amount of data breeches that we are seeing now (on both the Verizon and Yahoo side) imply that not only are they too expensive, they aren’t as secure as they are supposed to be and in addition, cyber laws are blatantly failing its victims. Having your data in plain text at $450 a month seems a little too unacceptable, merely because the odds to keep your fortune in Las Vegas tend to be better than this.

So now consider the sponsor, the people behind the screens on both the corporate and hacking side. So let’s take a look

Corporate

Here the need for security is essential, yet there is clear indication that those aware of spreadsheets (read: Board of Directors) are in equal measure naive and blatantly unaware that data security is essential and not the $99 version in this case. The cost of secure data is ignored and in many cases blatantly disregarded. The Yahoo case is inferior to the Verizon data transgressions that have been reported in this year alone. It is so nice to read on how the health industry is hit by organised crime, yet the amount of theft from their own systems is a lot less reported on. I find most amusing the text that the Verizon Data Breach Investigation Report shows: “Yes. Our vulnerability management solutions identify and fix architectural flaws in POS and other patientfacing systems“, “Yes. Our identity and access management solutions prevent the use of weak passwords, the main cause of data breaches in the healthcare industry” and “Yes. Our intrusion detection and threat-management solutions help detect and mitigate breaches more quickly, limiting the damage caused” (at http://www.verizonenterprise.com/resources/factsheet/fs_organized-crime-drives-data-theft-in-the-healthcare-industry_en_xg2.pdf), I reckon that a massive overhaul of their own systems has a slightly higher priority at present. In addition there is no information on how secure the Verizon Data Cloud is. It doesn’t matter who provides it (as I see it), and I reckon we see that iteration hit the news the moment we learn that the UK Ministry of Defence Cloud gets tweaked to another server that is not under their control. It is important to realise that I am NOT scaremongering, the issue is that too many players have kept the people and corporations in the dark regarding monitoring options, intrusion detection and countermeasures, with the cloud, any successful intrusion has the real danger that the data hack is more complete and a lot larger in data loss. Moreover, Microsoft and Microsoft employees have one priority, Microsoft! Consider that any Microsoft employee might not be as forthcoming with Cyber transgressions, no matter what agreed upon. After the agreement, any internal memo could sidestep a reportable transgression. It is a reality of corporate life. In this, until the proper military staff members get trained, the Ministry of Defence (read: as well as GCHQ to some extent) will be catching up through near inhumane levels of required training, which gets the Ministry burnout issues soon enough.

Hackers

No matter how small, these attacks (yes plural) required serious hardware and access to tools that are not readily available. So whomever involved, they are either organised crime, or people connected to people with serious cash. This all gets us a different picture. I am not stating that some hackers work for reasons other than ideological. The rent in mum’s basement and hardware needs to be paid for, if not that, than the electricity bill that will be in excess of $130 a month. It might be trivial to mention, yet these little things add up. Hardware, electricity, storage, it gives the rising need of a sponsor for these hackers. There is no way to tell whether this is ideological (to show it can be done), technological (selling the flaws back to the makers of the solution), or criminal (to sell the acquired data to a competitor or exploiter). We can assume or speculate, but in reality, without additional evidence it is merely a waste of words.

So even if we know the name of the sponsor, this hopefully shows that the need to divulging information on data transgression has been way too light. In the past there was a ‘clarity’ that it was onto the firm to give out, but as they seemingly see it as a hazard to their wealth, too many victims are kept in the dark and as such, the financial danger to those victims is rising in an unbalanced way. If you would doubt my words, consider the article at http://www.geek.com/games/sony-psn-hack-is-only-the-4th-largest-data-breach-of-all-time-1390855/, which was set in June 2009. Geek is not the news cycle you might desire, but the summary is fine and confirmable. The hack to the Heartland Payment Systems January 20th, 2009 might be one of the more serious ones, the 130 million records was more complete and could have a more devastating effect on the US population then most others. From my point of view, a massive shift to proactive data security should have been law no later than 2010, I think that we can safely say that this never happened to the extent required, which is another nice failure of the political parties at large and as such, this could get a lot uglier soon enough. The article also shows a massive Sony failing as there have been 6 large breaches in 2011 alone, so the Sony hack of 2012 shows to be a continuing story of a digital firm who cannot get their act together. That was never in question, in combination with the latest revelations, there is the added pressures that this cannot be allowed to continue and these firms need to start being held criminally negligible for transgressions on their systems. Just like in torts regarding trespass, it should be actionable perse. In addition, the hackers should be held in that same way, with the bounty changed to no less than double digit jail with no option for parole. The mere realisation that there is a high price for these transgressions might be the only way to stop this and in this age should not be a distinguishing factor, so any teenager hoping for an adventure with a nice pay package could end up not getting laid until they turn 30. The last part is unlikely to be a reality ever, but the fact that this is where we should have been going needs to be stated, for the mere reason that a shown failure of nearly a decade is no longer an option to ignore, not when the stakes are getting to be this high.

Leave a comment

Filed under IT, Law, Military, Politics

Tagged as , , , , , , , , , , , , , , , , , , , ,

September 22, 2016 · 12:18

Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force, in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back, to be a little more precise we need to turn to the moment 645 days ago when we read that Sony got hacked, it got hacked by none other than North Korea. It took me around an hour to stop laughing, the stomach cramps from laughter are still on my mind when I think back to that day. By the way, apart from me having degrees in this field. People a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse. The list of sceptics as well as prominent names from the actual hacking world, they all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions“. I am pretty sure that the FBI did not expect that this would bite them down the track. This all whilst they rejected the alternate hack theory that Cyber Intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more possible then the claim that some made. Another claim to have a giggle at came from Homeland Security, the quote was “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life“, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons. The Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data). The subtitle gives us “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile worldly infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“, you see, here we see part of the fun that will now escalate.

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this, take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When  the accused nation has 28 websites, it is, I agree not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North-Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear given that the cyber branch of your organisations are not up to scrap. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting and learn a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that due to North Korean ‘expertise’, plenty of people will be asking questions. The time requirement to get the data that got taken was not something that happened overnight. For the simple reason that that much data would have lit up an internet backbone and ever log alarm would have been ringing. The statement that the FBI made “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government” was laughable because of those pictures where we saw the Korean high-command behind a desktop system with a North Korean President sitting behind what is a mere desktop that has the computation equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull of the Sony caper you need stimulation, like a student would get at places like MIT, Stanford, or UTS. Peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have hardware and challenging people and equipment that could offer it, but North Korea does not have any of that. The entire visibility as you would see from those 28 domains would have required to be of much higher sophistication. You see, for a hacker, there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when in 2012 in Pyongyang I believe, a press bus took a wrong turn. When some reporters mentioned on how a North Korean (military I believe) had no clue on smartphones. I remember seeing it on the Dutch NOS News program. The level of interaction and ignorance within a military structure could not be maintained as such the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing, the fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to on the wrongful domain settings, which is essential in regards to the entire hacking side. The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this last but not least to those who prototype hacking solutions, as they need serious bandwidth to test how invisible they are (especially regarding streaming of Terabytes of Sony data), all these issues are surfacing from this mere article that the Guardian might have placed for entertainment value to news, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog ““It’s important to note this isn’t the domain name system for the internal intranet,” Williams wrote. “That isn’t accessible from the internet in any way.”” which is true to some extent. In that case take a look to the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds“, yes, I agree you do not get that much info from that, but it gives us to some extent usage, you see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings on intranet level have been missed, giving the ‘visitor’ options to a lot more information than most would expect. Another matter that the press missed (a few times), no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/), data needs to get from point to point, usually via a router, so the routers before it gets to North Korea, what were those addresses, how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. The fact that in January 2015 Sony gave the following statement “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“, I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server, to monitor all data traffic, giving indication that not only a weird way was used to get to the data (I speculated on an option that required it to be an inside job), yet more important, the fact that access had not been identified, meaning it was secured gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘ if threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get the threats to be a true unknown. That is at play then and it is still now. So if servers were compromised, Sony would need a better monitoring system. It’s my personal belief (and highly speculative) that Sony, like many other large companies have been cutting corners so certain checks and balances are not there, which makes a little sense in case of Sony with all those new expansions corners were possibly cut and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing exactly as incapable as I thought it was and there is a score of Cyber specialists, many of them a lot bigger then I will ever become stating the same. I am not convinced it was that simple to begin with, for one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, yet the expert levels were not on par so plenty of data would have been in danger of breaching. The question I had then and have now a lot louder is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be“. That is now truly a question that matters! Because if there is any truth to that speculation, than the question becomes how secure is your personal data an how unaware are the system controllers of those cloud servers? The question not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’ who can be trusted to get the people properly informed? Over the next days as we see how one element (the 28 sites) give more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their Cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea, especially in light of the official response towards cyber security firm Norse what was going on.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites are no indication of Intranet or cybersecurity skills, they are indicative, when a nation has less websites than some third world villages, or their schools have. It is time to ask a few very serious questions, because skills only remain so through training and the infrastructure to test and to train incursions on a WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation, it makes even less sense.

Finally one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘the Interview’ to become a complete flop. You know that movie that ran in the US in 581 theatres and made globally $11,305,175 (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?

 

Leave a comment

Filed under IT, Media, Military, Politics, Science

Tagged as , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

September 21, 2016 · 11:17

The Right Tone

Today we do not look at Ahmad Khan Rahami, we look at the engine behind it. First of all, let’s get ugly for a second. If you are an American, if you think that Edward Snowden was a ‘righteous dude’, than you are just as guilty as Ahmad Khan Rahami injuring 29 people. Let’s explain that to those who did not get through life through logic. You see, the US (read: NSA) needed to find ways to find extremists. This is because 9/11 taught them the hard way that certain support mechanisms were already in place for these people in the United States. The US government needed a much better warning system. PRISM might have been one of these systems. You see, that part is seen in the Guardian (at https://www.theguardian.com/us-news/2016/sep/20/ahmad-khan-rahami-father-fbi-terrorism-bombing), the quote that is important here is “Some investigators believe the bombs resemble designs released on to the internet by al-Qaida’s Yemeni affiliate through its Inspire publication“, PRISM would be the expert tool to scan for anyone opening or accessing those files. Those who get certain messages and attachments from the uploading locations. To state it differently “the NSA can use these PRISM requests to target communications that were encrypted when they travelled across the internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier“, so when a package is send through the internet and delivered, it gets ‘dropped’, meaning the file is no longer required. The important part is that it is not deleted, it is, if we use the old terms ‘erased’, this is not the same! When it is deleted it is removed, when it is erased, that space is set as ‘available’ and until something else gets placed there it is still there. An example you will understand is: ‘temporary internet files’. When you use your browser things get saved on your computer, smartphone, you name it. Until this is cleaned out, the system has that history and it can be recalled with the right tool at any given moment. PRISM allows to find the paths and the access, so this now relates to the bomber, because if correct, PRISM could see if he had actually gotten the information from Inspire magazine. If so, a possible lone wolf would have been found. Now, the system is more complex than that, so there are other path, but with PRISM in the open, criminals (especially terrorists) have gotten smarter and because PRISM is less effective, other means need to be found to find these people, which is a problem all by itself! This is why Edward Snowden is a traitor plain and simple! And every casualty is blood on his hands and on the hands of his supporters!

The right tone is about more than this, it is also about Ahmad Khan Rahami. You see, he would be a likely recruit for Islamic State and Al-Qaida, but the issue is that his profile is not clean, it is not the target recruit. You see, apart from his dad dobbing him in in 2014, he stands out too much. Lone wolves are like cutthroats. Until the deed is done, they tend to remain invisible (often remain invisible after the deed too). There is still a chance he allowed himself to be used as a tool, but the man could be in effect a slightly radicalised mental health case. You see, this person resembles the Australian Martin Place extremist more than the actual terrorists like we saw in Paris. I reckon that this is why he was not charged at present. For now he is charges with attempted murder (3 hours ago), yet not all answers have been found. You see, the quote “they had linked Rahami to Saturday’s bombing in Chelsea, another unexploded device found nearby, both constructed in pressure cookers packed with metallic fragmentation material. They also said he was believed to be linked to a pipe bomb that blew up in Seaside Park, New Jersey, on Saturday and explosive devices found in the town of Elizabeth on Sunday“, the proper people need to ascertain whether he is just the set-up, or a loser with two left hands. The FBI cannot work from the premise that they got lucky with a possible radicalised person with a 60% fail rate. If he is the start of actual lone wolves, PRISM should have been at the centre of finding these people that is if Snowden had not betrayed his nation. Now there is the real danger of additional casualties. I have always and still belief that a lot of Snowden did not add up, in many ways, most people with actual SE-LINUX knowledge would know that the amount of data did not make sense, unless the NSA totally screwed up its own security (on multiple levels), and that is just the server and monitoring architecture, yet I digress (again).

The big picture is not just the US, it is a global problem as France found out the hard way and new methods are needed to find people like that. The right tone is about keeping the innocent safe and optional victims protected from harm. The truth here is that eggs will be broken, because an omelette like this needs a multitude of ingredients and not to mention a fair amount of eggs. The right tone is however a lot harder than many would guess. You see, even if Man Haron Monis (Martin Place Sydney) and Ahmad Khan Rahami both could be regarded as mental health cases (Man more than Ahmad), the issue of lone wolf support does not go away. Ahmad got to Inspire magazine in some way. Can that be tracked by the FBI cyber division? It might be a little easier after the fact, so it becomes about backtracking, but wouldn’t it have been great to do this proactively? It will be a while until this is resolved to the satisfaction of law enforcement and then still the question becomes, was he alone? Did he have support? You see a lone wolf, a radicalised person does not grow from within. Such a person requires coaching and ‘guidance’. Answers need to be found and a multitude of people will need to play the right tune, to the right rhythm. The right tone is not just a mere consideration, in matters like these it is like a red wire through it all. It is about interconnectivity and it is always messy. There is no clear package of events, with cash receipts and fingerprints. It is not even a legal question regarding what was more likely than not. The right tone is also in growing concern an issue of resources. It isn’t just prioritisation, it is the danger that mental health cases drain the resources required to go after the actual direct threats. With the pressures of Russia and the US growing, the stalemate of a new cold war front works in favour of Islamic state and the lone wolves who are linked to someone, but not usually know who. The workload on this surpasses the power of a google centre and those peanut places tend to be really expensive, so resource requirements cannot be meet, so it becomes for us about a commonwealth partnership of availability which now brings local culture in play. The intelligence community needs a new kind of technological solution that is set on a different premise. Not just who is possibly guilty, but the ability of aggregation of data flags, where not to waste resources. For example, I have seen a copy of Inspire in the past, I have seen radicalised video (for the articles). I don’t mind being looked at, yet I hope they do not waste their time on me. I am not alone. There are thousands who through no intentional act become a person of investigative interest. You see, that is where pro-activity always had to be, who is possibly a threat to the lives of others? The technical ability to scrap possible threats at the earliest opportunity. Consider something like Missing Value Analyses. It is a technique to consider patterns. SPSS (now IBM Statistics) wrote this in its manual “The Missing Value Analysis option extends this power by giving you tools for discovering patterns of missing data that occur frequently in survey and other types of data and for dealing with data that contain missing values. Often in survey data, patterns become evident that will affect analysis. For example, you might find that people living in certain areas are reluctant to give their annual incomes, thus creating missing values in your data. If you leave these values out, are your statistical conclusions valid?” (Source: M.A. Hill, ‘SPSS Missing Value Analysis 7.5’, 1997). This is more to the point then you think. consider that premise, that we replace ‘people living in certain areas are reluctant to give their annual incomes’ with ‘people reading certain magazines are reluctant to admit they read it’. It sounds innocent enough when it is Playboy or penthouse (denied to have been read by roughly 87.4% of the male teenage population), but what happens when it is a magazine like Inspire, or Stormfront? It is not just about the radicalised, long term it must be about the facilitators and the guides to that. Because the flock is in the long term not the problem, the herder is and data and intelligence will get us to that person. The method of getting us there is however a lot less clear and due to a few people not comprehending what they were doing with their short sightedness, the image only became more complex. You see, the complexity is not just the ‘missing data’, it is that this is data that is set in a path, this entire equation becomes a lot more unclear (not complex) when the data is the result of omission and evasion. How the data became missing is a core attribute here. Statisticians like Hackman and Allison might have looked at it for the method of Business Intelligence, yet consider the following: “What if our data is missing but not at random? We must specify a model for the probability of missing data, which can be pretty challenging as it requires a good understanding of the data generating process. The Sample Selection Bias Model, by James Heckman, is a widely used method that you can apply in SAS using PROC QLIM (Heckman et al., 1998)“, this is not a regression where we look at missing income. We need to find the people who are tiptoeing on the net in ways to not get logged, or to get logged as someone else. That is the tough cookie that requires solutions that are currently incomplete or no longer working. And yes, all these issues would require to be addressed for lone wolves and mental cases alike. A massive task that is growing at a speculated 500 work years each day, so as you can imagine, a guaranteed billion dollar future for whomever gets to solve it, I reckon massive wealth would be there for the person who could design the solution that shrinks the resource requirements by a mere 20%, so the market is still lucrative to say the least.

The right tone is an issue that can be achieved when the right people are handed the right tools for the job.

1 Comment

Filed under IT, Media, Military, Politics, Science

Tagged as , , , , , , , , , , , , ,

September 7, 2016 · 15:26

A bit in the stream

Something alerted me towards events this morning in LinkedIn of all places. There was a reference towards an article titled ‘New Accenture boss Bob Easton throws down gauntlet to big four on digital’ (at http://www.afr.com/business/accounting/new-accenture-boss-bob-easton-lays-down-gauntlet-to-big-four-on-digital-20160829-gr3huj ).

The initial quote is “The trouble is there is a lot of people running around talking about digital“, which is true. Bob Easton is right that there is a lot of talk about digital. Yet, when we look at the definitions, I wonder how many have a true grasp of digital. Even I myself wonder when the use ‘digital’ is warranted. You see, when it is media, my photography is digital, so is my filming. Advertisement is digital as it goes through AdWords and not trough the newspapers. Here is the issue. When is something digital? Bob Easton states in the article “they are confusing the market by misunderstanding digital strategy and lacking the global capabilities of his firm“, the fact that IBM took a massive hit is not a surprise because they are confused on the best of times. They still present the 14 managers and 2 technicians approach. I cannot speak for either PricewaterhouseCoopers in this instance, or for EY, but my last encounter with Deloitte gave a much better view on them and they seem to know it (to some extent). So where does this leave Accenture?

The term “moving to aggressively compete for work in the consulting, digital and business transformation space” is only a concern if they do not meet customers’ expectations. So where should they be?

So where should you be? You see Dave Aron from Gartner (at that time) gives me: “A digital strategy is a form of strategic management and a business answer or response to a digital question, often best addressed as part of an overall business strategy“, what I liked was “Every business and public sector agency needs both an IT Strategy and a Digital Business Strategy. They must be highly aligned with each other, but they are not the same thing“, which gives part of the goods, yet when we consider his claim “All aspects of the business strategy should be informed by digital considerations“, we tend to get confused here, because different elements have the same word (read: digital), but in that the setting is not the same.

We can see it as advancements in digital technologies such as computers, data, telecommunications and Internet, which is still true, but how to go about it?

A digital media manager looks at how to get the solutions towards their ROI, which in many turns means to get it all electronically solved, whilst keeping costs to a minimum. Here we see the first failing from IBM as they are about revenue and about getting the business onto their solutions. Even in a step by step solution it is about getting one foot into the door and upsell from there. That is not a solution for the client, it is merely a solution for the sales person’s target.

And in some cases there is no digital path, but to a lot of people that does not exist so they will feign a solution. As an example I have my old dentist, he had a card system so perfect that no IT solution could bring the goods. I saw yuppies in all sizes try to sell him a solution between 1983 and 1995, one failure after another. The mere realisation that not all solutions fit and that some solutions will drive down the ROI in unacceptable ways is why several of these players will never succeed. Because what the client truly needs is never addressed. If we take the approach from Macala Wright (at http://mashable.com/2012/09/05/how-to-digital-strategy/#oc3qMBqfF8qC)

We see a decently clear path. I can quote all the steps again, but the article has them down to a nice clean size, so reading it is a recommendation.

I am downgrading it to these four steps for comfort (read: mine).

  1. Identifying the opportunities and challenges in a business where online assets can provide a solution or a difference.
  2. Identifying the unmet needs and goals of the external stakeholders that most closely align with those key business opportunities and challenges, and especially if there are threats there.
  3. Developing a vision around how the online assets will fulfil those business and external stakeholder needs, goals, opportunities, challenges and threats.
  4. Prioritizing a set of online initiatives which can deliver on this vision.

These steps also include the views Cisco had in step 3, yet it is a watered down list. I am emphasising this as the entire ‘going digital’ is larger and more complex than most realise. When I look at what can be done and what can be achieved we need to realise that this all needs the decision makers to be aligned and in that both IT and business needs must be addressed. Most people going digital seem that it is a cheaper solution towards a better ROI. Yes, it is a path towards a better ROI, which will not make it cheaper. It requires serious investments and not tinkering around with half a dozen people working from home, sending in some finished element. Whilst the Australian Financial Review gives us a chart with Revenue versus margin and adds a little hype by adding AirBnB and Uber in the new business models, we see a forgotten element. You see, these new business models come with a little hook, one was highlighted by Bell Partners, where we see “Some critics argue that Uber drivers are not subject to the same premiums for compulsory third-party (CTP) insurance as taxis, as it is harder to identify an Uber car in an accident“. Is that so? So how does this impact the passenger? Until you are in an accident you might not care, but when the hospital bills come and the Uber player does not have the coverage, you will soon learn that hospitals are very expensive.

There is a lot of truth in the article and it is well worth reading, yet the lack of threats discussed is equally unsettling. The fact that Expenses in the digital world are up and very much so with Accenture is an element, and also a threat. You see, we all understand that there are a lot more expenses coming over (nearly all tax deductable), the matter of a shifting ROI remains and until the model is used to fuel growth the benefit will not be easily seen. For this path requires a globalising mindset. If you want to remain the big cheese in Darlinghurst and that is all you want, you need to consider what sides need the digital approach and what you want to grow. This for the mere reason that costs will come in the early days and if you are ready it is not an issue, if not, your ROI went straight into the basement, good luck enjoying that view!

Depending on your market, it will be about your customers and their experience, if that is not upgraded, then why byte into the digital apple? I truly worry about the bit you do not end up with, as you would limit your position and enable your competitor overnight. This is the part that is not addressed in many places, because everyone is in a sales hat thinking bonus and saying, we can get you onto the digital path! You see, the presentation in the AFR, regarding the digital disruption framework is aptly drawn as a spear point and it points towards you! The better the comprehension and implementation, the more it becomes a weapon of offense instead of a solution to suicide. In that regard, towards the offense we see that the spear could be the stepping stone that upgrades the customer experience and as such truly grow your business, which is exactly what it is, but it is not a cheap solution or an overnight solution, it is merely a new solution to grow towards places you never grew before, so you grow the options in getting a grown customer base, which is what many want.

The only question is how correctly the path has been drawn out and here we see the elements that Bob Easton sells on. Accenture seems to know this path through and through. We have seen how IBM scuttled their knowledge and for the most, the other players (read: self-proclaimed players) are not up to scrap, but their level of failure is not clearly shown, Bob Easton points at it, but there is clear doubt if that is a given, especially in the case of Deloitte.

Finally we see the mention of government contracts, which is of course fun to read. Especially as 20 years have shown me that the bulk of government is relatively clueless on any digital path, with Defence on a whole being close to the sole exception.

In all this I find one part slightly debatable, even as the chart makes perfect sense. The quote “Digitising the experience for your customers, digitising your internal operations and the creation of the capabilities to recognise and exploit new business models” is true, yet recognising new business models is always a non-given, because that requires the altered mindset of a board of directors, which tends to focus on the golf game and less on the balls they slice, which gives weight to the debate, not the issue with the model as shown. In that for Taxi’s the model makes perfect sense, because Uber is now forcing a different mindset on the taxi corporations. Yet consider the year before Uber started, how many Taxi companies were actively looking into new business models? That list is hugely close to zero!

I say that competitors and threats, the second more than the first is driving that element, which is why even in the digital move, a SWOT analyses tends to have more decisive impact on the decisions. When we know the elements strengths, weaknesses, opportunities, and threats, we can start to look at the options we have, and they do include the two Bob Easton axis scales namely Revenue and Margin. As stated, his view is not incorrect, I personally find it a little incomplete in this instance.

And to finalise this, the problem he states is on many levels, I am not even sure if America is the largest waster of options and resources here, yet when we see politicians go with (read: Donald Trump on CBS today) “you know cyber is becoming so big today. It’s becoming something that a number of years ago, short number of years ago, wasn’t even a word. And now the cyber is so big“, in this case Donald Trump for his elections. The fact that Cyber threats have been on the FBI agenda even before October 6th 1999, stating that the damage from those threats had surpassed 7 billion in Q1 and Q2 of 1999 gives us worry that Cyber and Digital are more than words and those who are aiming to be in a seat of power have not grasped it. The entire educational system is not ready for these changes, which is not their fault. The market that Bob Easton described has grown nearly exponentially and the next generation is not aware of what is what, that whilst the current generation is not up to scrap as to what the definitions are, how they should be seen and how they apply in a real time environment and the people in charge are not getting educated either, most they get is from trade shows dying for you to buy their solution, which is not much of an education and finally the previous generation that is hoping to make it to retirement before they have to learn it all.

That is the issue as it evolves. So we are all bits in the stream, bits of what? I am not sure if anyone can tell at present, but good luck trying to figure out where you are placed and where you stand, because resolving that will place you in a much stronger position than you were in this morning.

 

Leave a comment

Filed under Finance, IT, Media, Politics

Tagged as , , , , , , , , , , , , , , , , , ,