Tag Archives: FTI Consulting

February 3, 2020 · 21:46

6 simple questions

I have written about it before, yet the article last friday forces me to take more than another look, it forces me to ask questions out loud, questions that should have been investigated as this case has been running for two years, lets not forget the hairy Amazon owner had his smartphone allegedly hacked in 2018.

My article ‘The incompetent view‘ (at https://lawlordtobe.com/2020/01/28/the-incompetent-view/) was written on January 28th. I kept it alone for the longest of times, yet the accusations against Saudi Arabia, especially as that French Calamari UN-Essay writer is again involved forced my hand and the article last friday gives me the option to lash out and ask certain questions that the investigation optionally cannot answer, as such two years by these so called experts should be seen as 2 years by whatever they are, but I have doubt that expertise was part of the equation.

as such we begin with the Guardian (at https://www.theguardian.com/technology/2020/jan/31/jeff-bezos-met-fbi-investigators-in-2019-over-alleged-saudi-hack), here we see the following

NSO said: “we have not been contacted by any US law enforcement agencies at all about any such matters and have no knowledge or awareness of any investigative actions. Therefore, we cannot comment further.”“, which is a response towards the FBI who had been investigating NSO since 2017, which is based on the setting of “officials were seeking information about whether the company had received any of the code it needed to infect smartphones from US hackers

Yet it is the quote “Two independent investigators at the United Nations, Agnes Callamard and David Kaye, revealed last week that they have launched their own inquiry into allegations that Bezos’s phone was hacked on 1 May 2018 after he apparently received a video file from a WhatsApp account belonging to Mohammed bin Salman, the Saudi crown prince“, in this, can anyone explain to me why the UN is involved? I do not care how wealthy Jeff Bezos is and this has nothing to do with the Washington Post, either way this would be an initial criminal investigation, optionally running through the FBI.

  1. Why is the UN involved?

In defence we must observe “WhatsApp has said it believed NSO has violated criminal laws, including the Computer Fraud and Abuse Act, a federal law that is used to prosecute hackers. WhatsApp has claimed 1,400 users were hacked using NSO technology over a two-week period in April-May last year, after NSO was allegedly able to exploit a WhatsApp vulnerability that was later fixed

And again, we see that NSO technology is involved, yet FTI Consulting makes no mention of that part of the equation, more important whether the same atack was used, and in light of all this, we might see ‘NSO was allegedly able to exploit a WhatsApp vulnerability that was later fixed‘, yet when exactly was it fixed? That too is part of the equation.

When we look at the FTI report, other issues become surface materials. Like the quote “The phone maintained an unusually high average of 101MB of egress data per day for months thereafter, including many massive and highly atypical spikes of egress data. Forensic artifacts demonstrated that this unauthorized data was transmitted from Bezos’ phone via the cellular network.” What data was sent exactly? The report gives us: “they provide the ability to exfiltrate vast amounts of data including photos, videos, messages, and other private or sensitive files. It should be noted that spikes resembling these might occur legitimately if a user enabled iCloud backup over cellular data service. Bezos. however. had iCloud backups disabled on his device. Other legitimate causes of spikes in egress data could be if a user willingly uploaded or transmitted large amounts of data via a chat or messaging app. email client, or cloud storage service, but none of these activities were corroborated by GDBA or Bezos.

As such, as FTI Consulting gives us “Advanced mobile spyware. such as NSO Group’s Pegasus35 or Hacking Team’s Galileo,36 can hook into legitimate applications and processes on a compromised device as a way to bypass detection and obfuscate activity in order to ultimately intercept and exfiltrate data. The success of techniques such as these is a very likely explanation for the various spikes in traffic originating from Bezos’ device.” Yet is that what happened? lets not forget that the FTI Consulting report on page 16 states “The following investigative steps are currently pending.

  1. Intercept and analyze live cellular data from Bezos’ iPhone X“, as well as “2. Jailbreak Bezos’ iPhone and perform a forensic examination of the root file system.” steps that are seemingly incomplete and optionally not done at all, as such how did anyone in Saudi Arabia get fingered as the guilty party? It could be the German Cracking Service for all we know stating to Jeff Bezos ‘Copy me, I want to travel‘.
  2. Where is the evidence on the hack and the destination of the hacked data?

There are two parts in this, as I explained earlier, Vice.com gave an earlier consideration with ““Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see”” yet the stage that we see here, is merely a footnote in the FTI Consulting report and is given no weight at all.

This leads to the question 

  1. How was the phone of Jeff Bezos infected and where is that evidence?

This could lead to 3a. Who actually infected the iPhone of Jeff Bezos?

Which leads to the last part of last friday’s article and perhaps the biggest smear of all time “New revelations about the alleged hacking of Bezos’s phone have caught the attention of a handful of politicians in Washington who have sought more information about the alleged hack, including whether there was any evidence that Saudi Arabia had infected phones of any members of the Trump administration.” and because of this (as well as more) we get to:

  1. What exactly are the new revelations, as the FTI Consulting report is incomplete.
  2. Where is the evidence that Saudi Arabia infected ANY phones?

You see, someone infecting another person by claiming that they are someone they are not is at the core of this, as such any person in the room could have infected Jeff Bezos’s phone and optionally other phones too. Claiming to be MBS and being MBS are two separate parts. 

In this it was CNN who gave us “The report’s limited results are a reminder that it can be extremely challenging to reconstruct the activities of a determined, well-resourced hacker” and if hat is the setting, we again get to the stage where we cannot tell who infected the system of Jeff Bezos in the first place. As such Kenneth White (formerly with DHS) as well as  Chris Vickery (Director UpGuard) who gives us “other evidence provided by FTI increased his confidence that Bezos was being digitally surveilled“, we do not question that, we merely question the lack of evidence that points to Saudi Arabia as a perpetrator, basically the guilty party is not seen, because no evidence leading there is given, the fact that essential tests have not been done is further evidence still of the absence of any guilty party.

As that stands I merely end with the question:

  1. Why on earth is the UN involved in an alleged Criminal investigation where so much information is missing?

When we realise the small line in the Guardian “An analysis of the alleged hack that was commissioned by the Amazon founder has not concluded what kind of spyware was used” we are given a much larger consideration, if the spyware used is unknown, how can the data spy be seen? This gets an even larger mark towards the question when we consider “Check Point Research, however, recently unveiled new vulnerabilities in the popular messaging application that could allow threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers immense power to create and spread misinformation from what appear to be trusted sources.” (at https://research.checkpoint.com/2018/fakesapp-a-vulnerability-in-whatsapp/), and another source (at https://www.bleepingcomputer.com/news/security/whatsapp-vulnerability-allows-attackers-to-alter-messages-in-chats/) gives almost the same information and also has the text “Using these techniques, attackers can manipulate conversations and group messages in order to change evidence and spread fake news and misinformation“, the FTI Consulting report gives us nothing of that, and as it does not set the stage of disabling that these were options that were disregarded, we see that this mobile situation might not now or not ever see the light of day with an actual reference to an attacker that will hold water in any court. 

As such the UN will have a lot to explain soon enough, I got there through 6 simple questions, 6 questions that anyone with an application of common sense could have gotten to, I wonder why the UN did not get there, I wonder why FTI Consuilting handed over a report that was failing to this degree.

 

3 Comments

Filed under IT, Law, Media, Politics

Tagged as , , , , , , , , , , , , , , , , , , ,

January 28, 2020 · 11:17

The incompetent view

I’ll admit, there are other things to write about, yet this is a larger issue than anyone thinks it is. The previous writers did not ponder the questions that were adamant, and Stephanie Kirchgaessner follows suit (at https://www.theguardian.com/us-news/2020/jan/27/nsa-faces-questions-over-security-of-trump-officials-after-alleged-bezos-hack) when we consider that the focus here is the NSA in ‘NSA faces questions over security of Trump officials after alleged Bezos hack‘. You see, it is not merely the fact that they got the stage wrong, it is the fact that everyone is looking at the stage, whilst the orchestra is missing, so how about that part of the equation and that leads to very uncomfortable question towards WHY the US is tailing on 5G and why it is trying to tailgate into the 5G room. They forgot what real innovation is and Saudi Arabia is seemingly passing them by, a nation that has forever been seen as a technological third world is surpassing the US and it is upsetting more and more people.

The US National Security Agency is facing questions about the security of top Trump administration officials’ communications following last week’s allegations that the Saudi crown prince may have had a hand in the alleged hack of Jeff Bezos“, with this the article opens and basically nothing wrong is stated here, yet when seen in the light of the byline which was “Democratic lawmaker asks agency if it is confident the Saudi government has not sought to hack US officials“, as such it becomes an issue. first off, the question is not wrong, because the US administration has a duty to seek the safety of communications for its coworkers (senators and such), yet in all this, it does become a little more clear when we see “Ron Wyden, a senior Democratic lawmaker, asked the director of the NSA whether he was confident that the Saudi government had not also sought to hack senior US government officials“. You see in the first, Saudi intentional involvement was NEVER established, moreover, the report (I looked at that last week) has several hiatus of a rather large kind, as such the formulation by this 70 year old person is quite the other issue. 

It is my personal conviction that a Fortune 100 company should consider the danger they open themselves up to when letting cyber issues be investigated by FTI Consulting. The entire matter of how infection was obtained (if it was infection), and that the entire matter was instigated by any third party who had gained access to the phone of Jeff Bezos, and in all this enough doubt was raised who got access and more importantly that there was no evidence that this was ANY Saudi official, as such the short sighted “whether he was confident that the Saudi government had not also sought to hack senior US government officials” by a 70 year old who shows issues of lack of critical thinking, no matter what which school he went to when he was half a century younger.

And again we see the reference towards “The senator from Oregon is separately seeking to force the Trump administration to officially release the intelligence it collected on the murder of Jamal Khashoggi, the Washington Post journalist who was killed in a state-sponsored murder in October 2018“, which is another flaw as there was never any clear evidence that anyone in Turkey was “killed in a state-sponsored murder in October 2018“, more importantly, the French UN Essay writer who was seemingly involved in both reports is showing a lack of critical thinking all by herself.

All this whilst Paul Nakasone (director NSA) is confronted with “was believed to have been the victim of a hack that was instigated after he allegedly received a WhatsApp message from the account of Crown Prince Mohammed bin Salman“, the problem is twofold, in the first I personally see the report by FTI Consulting as a hack job, not a job on a hack. There are several sides that give doubt on infection source and moreover there is additional lack of evidence that the source was a Saudi one. More importantly other sources gave away issues on WhatsApp some time overlapping the event, exploits that made it into the press from all sides giving the weakness that any unnamed party could have played to be a Saudi delivery whilst the file was not from that delivery point. Issues that were out in the open and the report gives that FTI Consulting ignored them. It could read that a certain French Essay writer stated ‘I Have a Saudi official and an American phone, find me a link, any link‘, I am not stating that this happened, but it feels like that was the FTI Consulting case. When was the last time you saw an intentional perversion of justice and truth?

And when we see: “The issue is now the subject of an investigation by two independent UN investigators“, we see an almost completed path. When we see all this lets take a step back and consider. 

  1. An American Civilian had his mobile allegedly (and optionally proven) hacked.
  2. The hacker is not found, the one accused cannot be proven (at present) to be the hacker.
  3. This ends up with the UN?

And I am not alone here. Three days ago (after my initial findings) I see (at https://edition.cnn.com/2020/01/24/tech/bezos-hacking-report-analysts/index.html) the headline ‘Bezos hacking report leaves cybersecurity experts with doubts‘, there we see “independent security experts, some of whom say the evidence isn’t strong enough to reach a firm conclusion” as well as “several high-profile and respected researchers, highlights the limits of a report produced by FTI Consulting, the company Bezos hired to investigate the matter“, so basically, the hair lacking CEO, who owns the Washington Post (where Khashoggi used to work) is allegedly hacked, he seemingly hires FTI Consulting on what I personally believe to be a hack job on hacking phones and the UN is using that biased piece of work to slam Saudi Arabia? Did I miss anything?

Yes, I did, the quote “The report suggested the incident bore hallmarks of sophisticated hacking software“, the problem here is that there is no way to see WHERE IT CAME FROM. Yet other sources give out several pieces on WhatsApp and how other sources could have a free go at infesting people. All whilst we also see “the paper revealed a lack of sophistication that could have been addressed by specialized mobile forensics experts, or law enforcement officials with access to premium tools“, all this whilst the entire setting went around the existence of cyber divisions. There is a link Jeff Bezos – Amazon – FTI Consulting – United Nations. At no point in this do we see any police department, or the FBI, why is that?

As such when we see “A key shortcoming of the analysis, Edwards said, was that it relied on a restricted set of content obtained from Bezos’s iTunes backup. A deeper analysis, she said, would have collected detailed records from the iPhone’s underlying operating and file systems. Other security experts characterized the evidence in the report as inconclusive“, I would state that this is merely the beginning.

Rob Graham (CEO Errata security) gives us “It contains much that says ‘anomalies we don’t understand,’ but lack of explanations point to incomplete forensics, not malicious APT actors” and Alex Stamos, the former chief information security officer at Facebook and a Stanford University professor gives us “Lots of odd circumstantial evidence, for sure, but no smoking gun“, in all this the extreme geriatric Ron Wyden (Oregon) is asking questions from the NSA with the text “asked the director of the NSA whether he was confident that the Saudi government had not also sought to hack senior US government officials” with the emphasis on ‘also‘, a stage that is not proven, and more importantly is almost redundant in the hack job we got to read about. As such I am not surprised to see “FTI Consulting declined to comment“, I wonder why?

It is even more fun to see the CNN article have the stage where we see “a research group at the University of Toronto, offered a suggestion that could allow investigators to gain access to encrypted information that FTI said it could not unlock“, as such we see that there are skill levels missing in FTI, for the simple reason that this report was allowed to leave the hands of FTI Consulting, a Firm that is proudly advertising that they have 49 of the Global 100 companies that are clients. If I had anything to say about it, those 49 companies might have more issues down the road than they are ready for, especially as they have over 530 senior managing directors and none of them stopeed that flimsy report making it to the outside world. I would personally set a question mark to the claim of them being advisor to 96 of the world’s top 100 law firms. I would not be surprised if I could punch holes in more cases that FTI Consulting set advice to, in light of the Bezos report, it might not be too hard a stage to do.

CNN also has a few critical points that cannot be ignored. With “The report’s limited results are a reminder that it can be extremely challenging to reconstruct the activities of a determined, well-resourced hacker, said Kenneth White, a security engineer and former adviser to the Defense Department and Department of Homeland Security“, I do not disagree with that, but the stage where WhatsApp had a much larger problem, is a given, and the report does not bring that up for one moment, that report was all about painting one party whilst the reality of the stage was that there was an open floor on how it was done, yet the report silenced all avenues there. In addition, Chris Vickery (Director UpGuard) gives us “other evidence provided by FTI increased his confidence that Bezos was being digitally surveilled“. that is not in question, core information directs that way, yet the fact that it was a Saudi event cannot be proven, not whilst Jeff Bezos is around hundreds of people in most moments of the day, that part is the larger setting and FTI Consulting knowingly skated around the subject, almost as it was instructed to do so.

One expert who wanted to remain anonymous gave us all “There’s an absurd amount of Monday morning quarterbacking going on” as well as “This isn’t a movie — things don’t proceed in a perfect, clean way. It’s messy, and decisions are made the way they’re made“, that expert is not wrong, and he/she has a point, yet the foundation of the report shows a massive lack in critical thinking whilst the report relies in its text on footnotes (as one would) yet on page 3, the text is “Al Qahtani eventually purchased 20 percent ownership in Hacking Team, apparantly acquired on behalf of the Saudi government. 8

all whilst footnote 8 gives us “https://www.vice.com/en_us/article/8xvzyp/hacking-team-investor-saudi-arabia” so not only does the FTI Consulting Job rely on ‘apparantly‘, the article gives in the first paragraph “Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see” as such we see ‘spyware source code leaked online for anyone to see‘, how did FTI Consulting miss this? That and the WhatsApp issue in that same year opens up the optional pool of transgressors to all non state hackers with considerable knowledge, as such the amount of transgressors ups to thousands of hackers (globally speaking). 

FTI Consulting missed that! and it missed a lot more. The article also sets a link to David Vincenzetti and for some reason he is not even looked at, there is no stage in the FTI report that his input was sought out, which in light of all this is equally puzzling. He might not have had anything to report, or perhaps he had enough to report taking the focal point away from Saudi players, we will never know, the joke (read: report) is out in the open in all its glory on limitation. 

In light of all this, did the question by Ron Wyden to the NSA make sense? As far as I can see, I see several points of incompetance and that has nothing to do with the one expert stating that this is a messy, the entire setting was optionally incompetent and for certain massively incomplete. 

More importantly, the last paragraphs has more funny parts than a two hour show by Jimmy Carr. The quote is “Anyone who has had communication with either MBS or his brother Khaled should assume their phone is hacked. Congress needs to get answers from NSA on what it knew about the hack of Bezos phone, when it knew it, and what it has done to stop Saudi criminal hacking behavior” and it comes from CIA analyst Bruce Riedel. Now, the quote is fine, but the hilarious part is how it was phrased (expertly done). Lets go over it in my (super subtle) way: “Anyone who has had communication with either MBS or his brother Khaled should assume their phone is hacked by Saudi, US or Iranian officials. Congress needs to get answers from NSA for a change on a matter that they were never consulted on whilst the report ended up with the UN on what it knew about the hack of Bezos phone, a person who has a few billion and a lack of hair but beyond that has no meaning to the US economy, he keeps all his gotten gains, when it knew when the phone of a civilian was allegedly hacked and, and what it has done to stop Saudi criminal hacking behavior which is not proven at present other than by people who have something to gain from seeing the Saudi’s as the bad party (like Iran), all in a report that is lacking all levels of clarity and proper investigation“, this is an important setting here. Just like the disappearance of a Saudi columnist writing for the Washington Post (another Jeff Bezos affiliate), we do not proclaim Saudi Arabia being innocent, merely that the lack of evidence does not make them guilty, in the present the hacking issue does not make Saudi Arabia guilty, the irresponsible version of the FTI Consulting report shows a massive lack of evidence that makes any Saudi Arabian party more likely than not innocent of all this and as both reports have one UN Female French Essay writer in common, it is more and more like a smear campaign than an actual event to find out what actually happened. Who signed up for that? I wonder if the NSA did, I feel decently certain that until they get all the actual evidence that they do not want to get involved with political painting, their left foot is busy keeping them standing up in a world of hunkered and crouched idiots.

Yet that is just my simple personal view on the matter.

 

2 Comments

Filed under IT, Media, Military, Politics

Tagged as , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

January 24, 2020 · 11:45

Evidence? Why?

I ignored the news initially, as I saw it, it was nothing more than some bash piece on Saudi Arabia. Yet something hot me, it was just a thought and it was: ‘What if I illuminate parts and let common sense people decide‘ (which takes out many journalists and mostly all politicians). As for me? The issue is that the media is all about bashing any royal part of Saudi Arabia, all whilst ignoring evidence (and debatable evidence to a much greater degree, their pursuit of circulation and agreeing to the beat of shareholders and stakeholders has gone to the heads of too many editors and I get a real rush to illuminate this part.

I have never ignored evidence, yet just like with Huawei, it is seemingly all about the big bully shouting, whilst the deciding world for the most ignores evidence and I think that it is a weird situation. Not merely in this blog, but on a few matters, we will get to hold them to account in a few years, at that point these people will make hastily formulated excuses whilst running to their mummies to get breastfeeding (I reckon).

So, lets begin. In the first we have ‘How the UN unearthed a possible Saudi Arabian link to Jeff Bezos hack‘ (the Guardian at https://www.theguardian.com/technology/2020/jan/22/how-the-un-unearthed-a-possible-saudi-arabian-link-to-jeff-bezos-hack) as well as ‘Did Saudi Arabia’s crown prince hack the Amazon king?’ (the Economist at https://www.economist.com/middle-east-and-africa/2020/01/25/did-saudi-arabias-crown-prince-hack-the-amazon-king), a nice side effect is that the Economist, is viewed and acted on on the 24th of January, whilst the article states that it is the Jan 25th 2020 edition, but enough about that. Let’s start with the Guardian who tells us “The UN’s demand for law enforcement authorities to conduct a proper investigation into the alleged hacking of Jeff Bezos’s mobile phone came after it reviewed the findings of a cybersecurity firm, FTI“, we might not see anything here, yet the UN, who is underfunded and strained has time for this? Is this another US Essay like the one by some French girl on the killing of Jamal Khashoggi? And what about ‘after it reviewed the findings of a cybersecurity firm, FTI‘? This implies that the United Nations called for the inspection, notified a cyber security firm (FTI) and investigated the phone of some so called billionaire (postage and shipping required). So why exactly is this not with the police or an official investigative body like the FBI Cyber division?

Following this we get the real beef with “concluded with “medium to high confidence” that it had been compromised because of actions attributable to a WhatsApp account used by the Saudi crown prince, Mohammed bin Salman“, first of all, if I want to investigate the corruption at an army base, I will not go in as the lawlordtobe, I would enter the situation as some poor schmuck who is from the city of Noonecares. It is almost like an assasination and the official in question uses his own service revolver instead of someone else’s. And what goes with ‘medium to high confidence‘, what evidence was uncovered? Then we get the part where is all falls to shambles. With “The UN was careful not to be definitive. Instead of pointing the finger, its statement said the apparent hack had been achieved using software “such as NSO Group’s Pegasus or, less likely, Hacking Team’s Galileo, that can hook into legitimate applications to bypass detection and obfuscate activity”“, just like the Khashoggi essay fiasco, the UN is all about being not definitive, as such we want to know how accusations can be made when you are not definitive. As such I would like to point the UN troll to a kids game called Clue, there in that games (for ages 8+) we are introduced to the concept of evidence, where you need to collect facts and state “I am accusing Colonel Mustard who killed Dr. Black (aka Mr. Boddy) in the Kitchen using the lead pipe” and then we look at the evidence and see if the claimant had his or her facts straight. None of that CIA BS where we see ‘medium to high confidence‘, I would offer that if the confidence is already medium, what was not looked at and what was discarded. The statement comes directly before “The NSO Group, an Israeli cyber-surveillance firm, strongly denied that its surveillance tools were responsible“, as such we are left with ‘less likely, Hacking Team’s Galileo‘. so there is a mountain of doubt on an article that throws the Crown Prince of Saudi Arabia in a bad light and there is seemingly an increasing lack of evidence. As we go on, we see the NSO giving the statement that offers direct opposition to some firm called FTI with “These types of abuses of surveillance systems blacken the eye of the cyber-intelligence community and put a strain on the ability to use legitimate tools to fight serious crime and terror. We expect that all actors in this arena put in place stringent procedures and technological controls, such as those that we have put in place, to assure that their systems are not used in an abusive manner“, as such there are larger questions not merely on the UN for setting the stage of something that is not on their plate, they apparently went to another small operation (who knows) and let them set up the stage of doubtful and debatable documentation, doubtful as we get one of the implied companies go directly into denial and setting a document based on evidence that is regarded as ‘medium to high confidence‘.

And then something beautiful happens. We see “The FTI report cited by the UN special rapporteurs, Agnes Callamard and David Kaye, noted that both NSO and Hacking Team, an Italian company, offered tools that could theoretically have performed the attack” where we are (again) introduced to that UN essay writer, the one that had given us the joke called some Khashoggi report (Agnes Callamard), as well hiding behind ‘tools that could theoretically have performed the attack‘, the idea that this joke from a building based at 760 United Nations Plaza, Manhattan, New York City, New York 10017 and hide behind the word ‘theoretically‘, as such pardon my French (oh, that was funny!) but how the fuck does she still have a job?

For several reasons I will not use the Economist (as I am not a subscriber), but the quotes in their magazine “which was soon used to steal large amounts of data—though the un did not say exactly what, or how it was used” as well as “It called for an “immediate investigation”. The Saudi embassy in Washington, dc, said the accusations were “absurd”.

As I see it, the UN is nothing more than an advertising paper tiger, adhering to the commands of some stakeholder (identity unknown), if this was a direct action by the UN, those people need to be investigated immediately, I feel decently certain I will get both China and Russia to sign off on this, as this has the distinct smell that comes from neither region, so they would score a win, in addition to that, the UN would have to submit data as to what exactly was taken and how it could be identified, which is also an issue that is unclear and optionally unclear to the UN people involved. 

The Verge had a lot more, they had (at https://www.theverge.com/2020/1/23/21078828/report-saudi-arabia-hack-jeff-bezos-phone-fti-consulting) the actual report, and there we see on page one we see the person we need to hackle for information, it is Anthony J. Ferrante who needs to give us the names of who this so called ‘Confidential Report’ was given to, because it seems that it was leaked. And there we see the originator (vice.com) giving us “The report, obtained by Motherboard, indicates that investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that “appears to be an Arabic language promotional film about telecommunications.”“, however, this is not the end. They also give us “Investigators determined the video or downloader were suspicious only because Bezos’ phone subsequently began transmitting large amounts of data. “[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos’ phone began, continuing and escalating for months thereafter,” the report states“. In this I state OK, let’s take an actual look.

And they do give us more, quotes like “The digital forensic results, combined with a larger investigation, interviews, research, and expert intelligence information, led the investigators “to assess Bezos’ phone was compromised via tools procured by Saud al Qahtani,” the report states“, as well as “A mobile forensic expert told Motherboard that the investigation as depicted in the report is significantly incomplete and would only have provided the investigators with about 50 percent of what they needed, especially if this is a nation-state attack“, ““They would need to use a tool like Graykey or Cellebrite Premium or do a jailbreak to get a look at the full file system. That’s where that state-sponsored malware is going to be found. Good state-sponsored malware should never show up in a backup,” said Sarah Edwards, an author and teacher of mobile forensics for the SANS Institute“, and “The investigators do note on the last page of their report that they need to jailbreak Bezos’s phone to examine the root file system. Edwards said this would indeed get them everything they would need to search for persistent spyware like the kind created and sold by the NSO Group. But the report doesn’t indicate if that did get done.“, which is as I personally see it the shallow political BS that some people go for. As such we see in the report “The following investigative steps are currently pending“, and more profound, on page 4 we see: “On May 1st, 2018, Bezos received a text from the WhatsApp account used by MBS“, my issue here is that this might have been the infected one, yet if I did that, I would use an originator that was real. And there we have it, the Dailymail gave us ‘New bug allows hackers to send fake messages pretending to be you – and there’s nothing you can do to stop them‘ (at https://www.dailymail.co.uk/sciencetech/article-6039533/WhatsApp-users-beware-Hackers-send-fake-messages-pretending-you.html) with the additional text: “First discovered by Israeli cybersecurity group CheckPoint Research, the flaw is incredibly complex and involves a gap within the app’s encryption algorithms. Writing on their website, the team said the vulnerability could make it possible for a hacker ‘to intercept and manipulate messages sent by those in a group or private conversation’ as well as ‘create and spread misinformation’. Hackers could use the bug to alter the text sent in someone else’s reply to a group chat, essentially ‘putting words in their mouth’, the group said.

It took me 5 minutes and Google search to find this. I am not stating that this is true and that the Daily Mail is the source to use (they often are not), yet this is a larger failing, I expected this from the very beginning, the origins of the setting was not properly investigated. Then Vice.com gave us “the report is significantly incomplete and would only have provided the investigators with about 50 percent of what they needed“, which is what I expected before I read one word of the accusation, and with US Essay writer Callamard involved (yes again it is her) we see what this is, another mindless attack on a nation and one person. They did not even bother getting him properly smeared, and no one is asking questions, I reckon that the involved stakeholders are likely to go for the, if we create enough barbeques, someone will shout fire: ‘I ran’ for office! Anyone?

what is the most irritating part is that the UN is again used as the cheap tool that they are. In this there is also the involvement of the FTI and more interesting that a Cyber Security firm did not look past the simplest trappings, as as we consider the optional involvement of Anthony J. Ferrante we need to consider sending quota to all 49 of the Global 100 companies that are FTI clients. Even if it was merely to make a few people sweat. When a non Cyber adapt like me can see through this part they have a clear problem and whether Anony Mouse Bezos was part of this or not will not matter. There is one other part in the report that should be considered. On page 2 we see “More significantly. al Qahtani is known to have played a key and senior role in the killing of Washington Post columnist Jamal Khashoggi.” In the first, he was acquitted (in a Saudi trial) and there has been no other trials, as such the statement should be read as false, no clear evidence was ever presented. In the second, as this is part of the executive summary, it seems that this was a way to blatantly strike out against one individual and the evidence is not corroborating any of this, too many questions are left unanswered and the media is not asking them either, as such I wonder what is to be believed, especially in light of the Daily Mail ‘revelation’ last August, which implies long in advance of this report. The fact that this (optional) fact is ignored gives out a much larger issue, the work in incomplete, debatable and political, not factual, as such sending serious cyber letters to the 49 of the Global 100 companies that are FTI clients, as I personally see it, these players are all about facts and when their provider and be painted as open for considerations, we should entertain all kinds of questions. 

I would also look at the footnotes and take a larger look at that descriptive part, I wonder what is left once I have had the chance to take a red pencil through this report. Now, I am not stating that Crown Prince of Saudi Arabia Mohammad Bin Salman Al Saud is innocent, I am merely considering that his evidence is so shallow, that I would never accuse him of anything, not before a lot more work was done (and a lot more footnotes were properly weighed), in this consider on page 3 footnote 8. When we go there, we see that the article is Lorenzo Franceschi-Bicchierai a member of Motherboard (so why is there no Motherboard article that is the source), we see “An investor from Saudi  Arabia is apparently behind a company that bought a stake in the controversial spyware vendor” where ‘apparently‘ is the operative word. It is also where we see: “Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see“, were all these customers on a secret list investigated? There is also ‘spyware source code leaked online for anyone to see‘, a small fact that is apparently not investigated, additional players all optionally ready to give someone called Bezos the time of his on-line life. Then we get “this apparent recovery is in part thanks to the new investor, who appears to be from Saudi Arabia“, a line ruled by, you guessed it ‘apparent‘ and ‘who appears‘, so much filtering and doubt, and in this FTI used that as a footnote source? A program co-owned for 80% by none other then David Vincenzetti. That does NOT make HIM a guilty party and neither is there any convincing evidence of any kind towards the Crown Prince of Saudi Arabia Mohammad Bin Salman Al Saud.

When I see all this I wonder if the UN (or FTI) has any clue how much we should regard them as tools. I cannot tell at present what kind of tools they are, but my personal view is that if this is the debatable level of evidence that some employ, we all are in so much more trouble then we ever thought.

 

1 Comment

Filed under IT, Law, Media, Military, Politics, Science

Tagged as , , , , , , , , , , , , , , , , , , , ,