Tag Archives: GCHQ

Bring out your CV

The CBC had two articles last night, the first one I dealt with in the previous tory. This one can be found (at https://www.cbc.ca/news/politics/cse-candidates-hiring-cyber-1.6426275) ‘Ottawa needs more codebreakers — but spy agency says finding them isn’t easy’ and that is not even half the story. It is not a Canadian issue, it is a global issue. So when we see “Canada’s electronic spy agency, the Communications Security Establishment, is set to receive a large influx of funding to launch cyber operations and ward off attacks on government servers, power grids and hospitals.” It’s always nice to receive funding. But the reality is a little harder. I spoke about part of this in ‘Red flags’ (at https://lawlordtobe.com/2022/02/24/red-flags/) there were too many red flags and they are eager to charge a fair penny. Summits, courses and in some cases you do not even need an IT education, but a bachelor education is expected. It is a Wild Wild Cyber West out there and the problem is that there are too few stages where we can separate the good from the shallow. So when we see “CSE, which gathers and decodes signals intelligence and is also in charge of technology security for the government, says it receives 10,000 to 15,000 job applications per year. But only about one or two candidates out of 100 applicants go on to be hired after the skills testing and background security checks.” We see part of the problem. Have you seen it? It is seen in “about one or two candidates out of 100 applicants go on to be hired after the skills testing and background security checks”, the funnel needs inverting. Instead of seeking in the same place, seek somewhere else. Seek in the military and governmental technical support places. Seek in the places you overlook and hire these people. It is nice to hire that one bright light. We all want that, but who considered hiring the 20-50 that can overcome the ‘background security checks’ then start TEACHING them. Out of the 50 you educate whilst they are employed in several places you end up with 10-25 people ready to take the challenge instead of relying on the 1-2 candidates. When you need 1500 of them, my approach makes sense. Yes, you can try to get to the techies from the University of Toronto, but so is commercial land and they pay a lot better, so you need to hope to get the few with a calling, or you open the stage to a larger group and set them in all kinds of governmental fields, where there is a large shortage too. All sides that needs attending too and not all will end with the CSE, GCHQ or whatever Australia and New Zealand have, but all these governments have large shortages including their Cyber police and a few other places. It is time to change the way hiring is done all over the Commonwealth field because they are all coming up short and having different divisions that have shortages, so why are they not taking a hard look at what else is possible? If not these places will all end up in a bidding war like they saw in the 90’s and they will come up short again. Oh and whilst Amazon is desperately seeking 250,000 people and where do you think they will look next? The second plan (my crazy wild idea) gives the people a long term plan, long term employment and a larger setting of choice with one application instead of 5-15 applications. 

But this is only possible when some people take a long hard look at what they used to do and see what COULD be done. 750 application runs, or 60 application runs, what makes more sense? I will let you decide.

Leave a comment

Filed under IT, Law, Military, Science

Gapping data

I did take notice of the story, but there were other considerations. So what is the issue with a two week old story? Actually there is nothing wrong with the time gap, it actually works out nicely. Yet before we go anywhere, lets take a look at ‘A data ‘black hole’: Europol ordered to delete vast store of personal data’ (at https://www.theguardian.com/world/2022/jan/10/a-data-black-hole-europol-ordered-to-delete-vast-store-of-personal-data) there we are given “The EU’s police agency, Europol, will be forced to delete much of a vast store of personal data that it has been found to have amassed unlawfully by the bloc’s data protection watchdog.” Here I have an issue with the stage of “amassed unlawfully”, then we get “The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a “big data ark” containing billions of points of information. Sensitive data in the ark has been drawn from crime reports, hacked from encrypted phone services and sampled from asylum seekers never involved in any crime.” There we get “hacked from encrypted phone services and sampled from asylum seekers never involved in any crime” You see, the biggest problem in any data set are the data gaps. MISSING VALUE analyses will not get you anywhere and data cannot be analysed on data that is not there. As I see it, the commercial world amasses worlds of data and the EDPS (European Data Protection Supervisor) does next to nothing. We could start an argument that the EDPS is catering to organised crime, but that might be a stretch. I know my data has been collected by CIA, FBI, GCHQ, Mossad, DGSE and at least two other organisations. You think I care? I live my life and keep doing what I am legally allowed to do. The data merely reinforces this. So why is there such a rush to maim the mobility of Europol? I have nothing against laws, I believe that laws are important, but how stupid is it to set up the laws to hinder the law? When our data is all over Microsoft, Google, Amazon, GTCOM and whatever Russia has. The 4,000 TB that is to be deleted will serve organised crime and criminals, no one else. And more importantly it will not protect refugees, if anything, the data shows them to be innocent. Did no one make that leap? You see I oppose “Europol had worked with the EDPS “to find a balance between keeping the EU secure and its citizens safe while adhering to the highest standards of data protection”, the agency said.” I oppose it because data does not protect or endanger lives, it is the one wielding all that data does and whilst commercial enterprises are given a wide berth avoiding their ‘legal’ teams, the EDPS has to prove its existence by having a go at Interpol.

Yes, it is their job, but in what job do you hand opportunity to criminals, organised crime and terrorists? 

And the Guardian is appeasing the stage buy giving the simplest of examples, the example that makes you go ‘awww’. But the example “The political activist, whose only serious run-ins with police amount to breaking a window to gain entrance to a building and create a squat for homeless people, was removed from the Dutch watch-list by authorities in 2019. But a year prior to this removal he had moved to Berlin, which unknown to Van der Linde at the time prompted Dutch police to share his data with German counterparts and Europol. The activist discovered his entanglement with Europol only when he saw a partially declassified file at Amsterdam city hall.” So a criminal, guilty of breaking and entering, that is the simple truth. But we are not supposed to see that, are we? And when the next assault is not in London, but Amsterdam and the gapped data will show to have been an option to stop this, what will the EU give as a response? 

 

Leave a comment

Filed under IT, Media, Military, Politics, Science

The simplicity of a label

That is at times a setting, not the setting, but an option. You see it is easy to paint all the piggie’s pink, but at that time we end up with all the painted piggies and piglet. Yet is piglet the one we were looking for? That is one of the settings and my issue with ‘No 10 network targeted with spyware, says group’. The article (at https://www.bbc.com/news/uk-61142687) is not entirely wrong. But when I see “The Citizen Lab says it informed officials that suspected Pegasus spyware was discovered in 2020 and 2021, with the Downing Street incident linked to operators in the UAE.” My suspicious mind has questions. Now, I accept that the Citizen Lab has expertise and knowledge, I am not attacking that. It is the statement “The Citizen Lab, which tracks electronic surveillance, said in 2020 and 2021 it notified the UK government that networks belonging to both 10 Downing Street and the Foreign and Commonwealth Office were suspected to have been infected using Pegasus spyware.” You see, ‘suspected’ is all good and well, but were the suspicions properly investigated and confirmed, or is that all it was, a suspicion? And it does not get better when we see “in the UK a number of official phones were tested including those of the prime minister, but it was not possible to establish which device was infected or what – if any data – was taken”, as such there is a suspicion and a lack of confirmation of which device was infected, whether data was captured and what the outcome was. And it does not end there. The statement “the suspected Foreign Office infections were believed to be linked to operators of Pegasus in the United Arab Emirates, India, Cyprus and Jordan.” You see, not only is the method a problem (through lack of evidence), but how in the hell can it be fingered to operators from United Arab Emirates, India, Cyprus or Jordan? Sometimes the simplicity of a label also has the lack of clarity. 

Why Jeeves, why?
It is actually simple. These are a few names: EverC, Sentar, Ignitho, PhishLabs, AppDetex, CyberInt, CareMessage, and Geneca. Eight names, all competitors to the NSO group. They all have ‘their’ solutions, they all have their ways and they might not be as good as the NSO group, but these players are raking in the millions. It is not impossible that they planted NSO materials, or  use a ‘friend’ to infect NSO guided options to lead the trail away. All speculation and none may be true or factual, I accept that. Yet the article gives us nothing but suspicions, no facts, no evidence and it is all given weight by “linked to an investigation by the New Yorker magazine which looked at the targeting of individuals campaigning for Catalan independence from Spain”, so what does the New Yorker magazine have and how do the two matters connect (if they connect at all). Consider the price of an NSO infection (it is enough to buy a 2022 Ford Mustang 5.0L Fastback, shadow black) and as people tend to rate cars higher than any Catalan interest, the list of interested people grows short really fast, the sliver thin comparison makes me suspicious even more. And to complete matters “The Citizen Lab said it believed the Downing Street suspected infection was linked to the United Arab Emirates.” So not only is there no evidence that an infection took place, they have a suspect too?

All half way statements, all half baked evidence and the lack of evidence that shows some clarity. All whilst I found 8 options at the drop of a hat. And I can tell you right now. I have no evidence of ANY kind. Yet the writings of some lack evidence too. So what makes the press so hungry for alleged illumination of the NSO group and the UAE all whilst there is no clear evidence? 

Questions should be asked, but I believe that additional questions should be asked of people who have been linking certain events with the near total lack of evidence. And it matters, because if we see the allegations that No.10 network is infected (which would be interesting to ANY party with non-UK or anti-UK needs). So there is a drastic need for the minions of Ken McCallum to wake up and find out what is going on. It might be essential to get the GCHQ goblins active as well, it is a digital issue so GCHQ gets to be connected to this. 

Yet none of the parties have clear evidence and no one can prove that it was not a competitor, there are larger plays in actions and they cannot be identified with piggy pink. Yet the station is optionally served by paint and finding WHERE it leads could be beneficial, but that is merely my thought on the matter. So far the media I have seen tells me little and the accusations and links are a little too shoddy to my liking.

It stands to reason to state that I do not completely trust the BBC article, thee is nothing wrong there, but too little of it is right and does not sit well with me, but that is just me, and I do not trust anyone, a habit of the beast and thorough knowledge on knowing that the beast is a self serving entity in all this, it always has been.

 

Leave a comment

Filed under IT, Science

Coin number two

Yes, after the first coin (previous article) the second coin becomes a reality. Yet this coin is a lot more speculative, there is a side we do not know, we cannot know because we are not in the know. Anyone not part of their operations, is not privy to a lot of it and those who are not and make claims are lying to you. That is a simple truth. I am not in the know, I do not know and I speculate, or I make educated guesses, and I tell you that I do, but the truth of the matter is that I am NOT CIA, so I cannot tell what they are doing. 

Yet here we hit a snag. You see the BBC gave us yesterday ‘Ukraine: How crowdsourcing is rescuing people from the war zone’ (at https://www.bbc.com/news/technology-60785339), so there we see that civilians are more successful and more clued in than the CIA is? How screwed up is that? So in the article we get “They, in turn, send information in real-time about safe roads to drivers who can rescue busloads of people”, as well as “they are crowdsourcing safe passage out of a war zone.” And this differs from CIA extractions… how exactly?

A stage that could have been set up from the very beginning and the US did not do this. A stage that would have been on the forefront of GCHQ and MI6 from the beginning. But there is a seemingly large lack in activities by a few intelligence operators aren’t there? Is this evidence that there is a lack of funds, an indication that there is a larger lack of resources? Or is it mere speculation from my side and are they operating through crowdfunded operations? It is all speculations and it is less about the speculations and less about who is right and who is wrong. It is about what can be done and what should be done for the Ukraine. I get that, I am not singular or selfishly driven. But some out there are and their game is costing lives. I understand that governments for the most cannot get directly involved. But between full in and not in at all there is a difference and I am starting to rack up the questions on how governments did not act in Syria, how they knowingly and intentionally delayed nearly all actions in Yemen, now we see too many players dragging their heels in Ukraine. The jet setting between Poland and Ukraine and the connected US and Poland actions should have raised a lot more questions then were actually asked. The stage is larger, I get that. Yet the connected inactions should raise questions. Reuter gave us three days ago ‘UK says there is “very very strong evidence” Russia’s Putin behind war crimes in Ukraine’. Really? Very strong evidence? How is that for flaccid? And the UN, on March 2nd they gave us that Russia committed war crimes, yet how many actions were taken by governments? When we rack those tallies and we see inactions we can (speculatively) conclude that governments are either too poor, or too poorly stacked for any actions. And we wonder why China does not act and why Russia does not care?

Questions are coming and no answers are coming forward, not even by the media on either side of that equation. That’s just a thought for Sunday. 

Leave a comment

Filed under IT, Media, Military, Politics

Not so funny now, is it?

This al started in 2018. In that year I wrote 4 articles. In the first setting a premise that the entire matter does not fit the bill, the bodged assassination, the larger station of failure through complexity. It never made sense and I was clear about that. Yet I believe that MI5 ignored me on this (I would too, honestly) but I would investigate. You cannot be so warped as to think it would stay there. And I gave the larger station in ‘Something for the Silver Screen?’ (at https://lawlordtobe.com/2018/03/17/something-for-the-silver-screen/), ‘The man in the middle’ (at https://lawlordtobe.com/2018/08/07/the-man-in-the-middle/), ‘Could I be wrong?’ (at https://lawlordtobe.com/2018/09/06/could-i-be-wrong/), and ‘Investigating Self’ (at https://lawlordtobe.com/2018/09/12/investigating-self/). Over 4 articles I set a scene that optionally  included KalVista Laboratories and Porton Biopharma, not because they were guilty, but because they had the equipment that a Novichok maker required. There was laughter all around and I merely ignored it. Now the guardian (in an opinion piece) gives us ‘Putin has already deployed a chemical weapon. In Salisbury’ (at https://www.theguardian.com/uk-news/2022/mar/13/putin-has-already-deployed-a-chemical-weapon-in-salisbury), we see different parts here. Parts I never considered addressing or investigating, as it was not part of the out and open pieces seen. The Guardian gives us “It’s just four years too late. Because he’s already used unconventional weapons. Not in Ukraine, but right here, in Britain. On 4 March 2018, Putin deployed a chemical weapon against a civilian population. Our civilian population. Us.” As well as “The poisoning of Sergei Skripal may have played out in the British press as a “botched assassination attempt”, but that’s just half of a more terrifying story.” So in all it seems that someone is late to the party and before you wonder who, it is MI5. It is 4 years later and I am partially proven correct. Partial because even as I noticed the wallet fatteners, the station of uninvestigated county. I never had anything on Evgeny Lebedev (I had nothing to link him on in the first place) but that makes my scene a mere partial one. It seems that Carole Cadwalladr had more information and better linked information than I had. On the other hand I offered Leonard Rink from the beginning, others did not. And in the end the two Russian cathedral visitors might have been nothing more than a decoy, I gave doubt to a lot of issues there and no one else did (yay me). A station optionally missed by both CIA and MI5, I do say optionally as that is a hand you show no one and I get that. And when we are given “A year later, the Guardian would reveal that Johnson had travelled directly from that summit to the Italian villa of Evgeny Lebedev, the UK-based Russian newspaper proprietor. It published a photograph showing him alone and dishevelled at San Francesco d’Assisi airport, no security in sight.” Is anyone wondering if there is a security breach in progress? I certainly am. We can try and fit the pieces what we have, but it might be folly. There is enough indication that neither Carole or me have a complete picture, she merely make me boast towards a certain person at GCHQ “Not so funny now, is it?” And that is as good as my ego let it be, but I will snore like a baby soon enough (in about 635 seconds). 

Enjoy Monday!

Leave a comment

Filed under Media, Military, Politics, Science

Red flags

We all have them, we all see them, it is what comes next that matters. For me it was a visit to the introduction of a cyber course. There were so many red flags it was weird. The first flags came two days before the presentation, two emails to set the stage, one with the option to delay payment to six months after the course was done, the first sales pitch. Now there is nothing wrong with sales pitches, but here it seems misplaced, cyber space os pedantic to say the least. So I went to that presentation, even though there were already red flags going up. Then there was the event. To be honest, it wasn’t all their fault. There were IT issues and IT couldn’t figure out what was wrong. This happens, the moment sucks, but that is part of the game. 

Then there was the space, 2 attendants, the rest via zoom.  I was one of the two, no drinks, not even water. If it is a sales pitch, you want people relaxed, so how does a thirsty presentation go? They had bought water for themselves. Then there were no handouts, in case of a training you want people have the information, hand outs are a great option for them to have the slides and make notes. The presentation was not updated and was still saying November 2021, remember I stated pedantic? Then the presentation, so much mention of “You do not need to be from IT” and then all the examples of people who were from another education, there were good parts, but so much a sales-pitch. The number of red flags were passed and I left. 

So was I wrong?
There is no indication that they weren’t what they said they were, they were in a decent place, they did this with a well known University, so this was all on the up and up, but the hairs on my neck were up, it was about revenue, it was about sales and the approach was wrong. You see the article (at https://www.bbc.com/news/uk-60387324) gives some of the goods. It was titled ‘the con that tricked dozens into working for a fake design agency’, the BBC gave it two days ago and there we have the problem. The BBC gave us “those who had turned on their cameras didn’t know was that some of the others in the meeting weren’t real people. Yes, they were listed as participants. Some even had active email accounts and LinkedIn profiles. But their names were made up and their headshots belonged to other people.” The enforcing of a sales pitch. As such we see “the real employees had been “jobfished”. The BBC has spent a year investigating what happened.” You still think that being pedantic is something else than a virtue? Yes, we get “the job represented more than just a pay cheque – but a UK visa too. If they passed their six-month probation period, and met their sales targets, their contracts said Madbird would sponsor them to move to the UK” and there is the real pitch, exploitative slavery, hiding behind a piece of shit hiding behind “I have put 16 hours every single day for months and done the best that I could to make this work. I should’ve known better and for that I’m truly sorry.” No he isn’t and I feel that people like that should get one bullet through the back of their heads. We get “By February 2021, not a single client contract had been signed. None of the Madbird staff had been paid a penny”, we are given “Some recruits ended up leaving after a few weeks, but many stayed. Many had been there for almost six months – forced to take out credit cards and borrow money from family to keep on top of bills” that should have been a big red flag but in this world of pandemics, too many feel the pinch of desperation, but an agency that cannot pay you? That is an agency that has no real clients, no revenue and no real future at that point. We are given “a photo showing an open issue of GQ magazine, with Ali Ayad modelling a blazer in a full-page ad for Spanish fashion brand Massimo Dutti. “Hustle in silence, let your success make the noise,” read the caption.” As well as “a post claiming he had modelled for Massimo Dutti in British GQ which received 4,000 ‘likes’”, “Ali Ayad has over 90,000 followers on his Instagram – in his bio he describes himself as an “influencer”” as well as the stolen identities, I personally see a clear case for targeted killing. You see this world is changing and if State players can do the games they play, going after created leaks on Credit Suisse, hack and spell the goods through Pandora Papers, I can make a clear case that some of these exploitative nut-jobs are in the market for targeted killing. It is time that we clean the streets on both sides of the isle but not merely on red flags, that does not constitute evidence and for the Cyber setting I might be wrong, it is more than a gut feeling, it is more then small pressure point, it is more than a sales-pitch (which was never invalid) and the half dozen red flags I do not mention here is because they are personal, they are based on the corporate and university world I have faced over decades, and based on what THEIR bosses see as proper etiquette. The red flags does not mean wrong, it means that the pedantic levels I have seen in the cyber world does not constitute evidence, it does not and I know that. The BBC shows a different version, a version that it takes a year to get to a piece of shit like that. So when we see “We contacted all 42 brands Madbird had listed as former clients – including Nike, Tate, and Toni & Guy. None of those that responded had ever worked with Madbird.” We also see that this is becoming a much larger problem. And I have over 50 people for my case, some who lost thousands. I feel decently certain that the image he used is optionally not him, the stage of “Whilst Madbird and Ayad have seemingly vanished”, as I personally see it, the NSA/GCHQ better get fucking active, if players like this can play their tax the rich approach, they can also hunt down people like Ali Ayad and prove that they are serious about stopping certain crimes. The 50 people have rights and their rights were trampled upon. It was not mischief, it wasn’t some prank and it was not to do “the best that I could to make this work” it was exploitation, it was mislabeled slavery and it needs to stop. We cannot blame some of the social media on how people like this do what they do, but we can execute them. I prefer long term prison but so far Ali Ayad has vanished, and making him run in fear is better than him walking away to restart the scam somewhere else.

That is how I see it but here too is the problem. I am the problem on the relying of red flags, the setting of expectation regarding a pedantic setting, I get that, but between the two events is a borderline, I am not certain where it is, or where it should be, but that border needs to be created, governments have sat on their asses for too long and the wrong people are left with the bill of scammers, that is not completely on social media and more on governments, but that is merely how I see it and I admit, I could be wrong.

1 Comment

Filed under Law, Media

When ding-dong goes clingaling

Yes, as titles goes it is a snazzy one, yet there it is. It all started for me about 6 hours ago and I took notice of the news. The initial issue I had with it is usually seen in dictionaries. When you seek Grundlichkeit you get:

Gründlichkeit noun
thoroughness [noun] care; attention to detail; also see German intelligence services.

So knowing what was in stock I decided to take another look, especially in light that the news is now also all over LinkedIn. 

There are two sides. In the first there is that I have no idea whether she is right or wrong, I DID NOT SEE THE EVIDENCE. That needs to be clear from the very first setting. However, as I was looking into an article from August 2021 giving us “When activist Lilith Wittmann drew attention to a security problem with a CDU app, the party pressed criminal charges against her” (source: Berliner Zeitung). There we also see “The Landeskriminalamt – a branch of the police focused on serious crime – is investigating the IT security researcher – as she calls herself. The CDU lodged a criminal complaint against Wittmann after she told the party about a security vulnerability in the CDU-Connect election campaign app. The activist has thus became the target of a paragraph in Germany’s criminal code for which the CDU is chiefly responsible.” And there as a 25 year old, we see that she worked in this field for 10 years, so she started in this field when she was 15. When the BZ adds “Paragraph 202c makes the interception of data a punishable offence. The law is considered controversial because, depending on how it is interpreted, it also covers people who investigate security vulnerabilities in order to report them, not to exploit them. Thanks to §202, Wittmann could now stand trial” Yet that is not enough, the article (at https://www.berliner-zeitung.de/en/the-cdus-leaky-campaign-app-li.176310) also gives us “Due to a security gap in the app software, data on around 500,000 people who had been visited by CDU door-to-door campaigners had been stored on servers without any major security barriers and was therefore basically open to public scrutiny. She could also access the data of about 18,000 users registered with the app – i.e. election workers – as well as 1,300 records of people who had indicated that they wanted to support the election campaign.” The numbers and facts are not that important. It is “Wittmann had been alerted to the potential security vulnerability on Twitter back in May.” It matters that she never discovered it, it does not mean that the issue did not exist, it implies that she is someone’s tool. She becomes the alibi no ones to be. So when I see ‘Apple AirTags Used by German Researcher Uncover Secret Intelligence Agency’ (at https://www.techtimes.com/articles/270997/20220125/apple-airtags-used-german-researcher-uncover-secret-intelligence-agency.htm) I wonder what actually is going on. You see, the Tech Times article gives us “a German researcher has used one to expose the secrets of the government, according to Apple Insider”, this leads us to “Lilith Wittmann, a German activist, claims that she has uncovered how Germany’s Federal Telecommunications Service is just a front for a secret intelligence agency”, is it though? Do not get me wrong, I believe that the Dutch AIVD uses KPN Telecom, GCHQ uses British telecom and so on and that puts the NSA in a bit of a mess (especially if they rely on Sprint Telecom), with a big laughing out loud at the end of that. Yet to see these companies (including the German Federal Telecommunications Service) as an intelligence front is a bit of a stretch. What I see (due to the Berliner Zeitung) is a wannabe with a chip on her shoulder, She is seemingly used as a tool, but to what end is not clear, and it will not be clear until someone digs into the data she was led to. Yes, I am distinct here, Twitter led her to one part, but I reckon that she is someones tool. 

German intelligence (thanks in part to East German Stasi) is unearthly painted with the colour of grundlichkeit, so the story does not fit and 4 years after the Apple Watches leading to a black site makes the Apple gadget a clear no go. And when we see “Some of the steps that she details can no longer be reproduced, like looking up a list of federal authorities online. Similarly, the researcher includes transcripts of phone calls with an official whose phone number that she reports then has stopped working.” We see evidence that is not verifiable and the sinister theorists of a dark nature will rely on “You see! That is evidence” It is not, it really is not. There are other paths to verification and I see none of them, someone is leading us through some rabbit hole telling us to ignore the sideways there but that is a shallow setting to anything that makes sense. I personally see nothing more than an article to set a system up for clicking and receiving digital dollars (an applied click bitch principle). 

And in the middle of it, a self proclaimed activist who worked in cyber security since she was 15, she should know better and she should have been able to present more evidence if there was any. You see German grundlichkeit is one thing, systems with log files are another, the most basic setting in any system and it is not seen here. It is not reported here. Why is that? You see, as I personally see it grundlichkeit also implies records (to show grundlichkeit), records can be tracked, they rely on log files (in many cases) and in many cases it leads to something, not that it is valid, but it could imply that and now we see a cyber operator (to coin a phrase) who uses an Apple AirTag and she does not have a log file to present that shows us something? Weird is it not?

I think she is being used, for what, by whom and to what end remains unknown, but perhaps German intelligence might make something of it, and me? I am hungry and I have deserved an ice cream. I would go for Weißwürste with Haxen and a large Munich pint with Kaiserschmarrn yet I am in Australia, so an ice cream will have to do. 

Unfolding the ravings of a conspiracy theorist makes me hungry, I never knew why.

Enjoy!

Leave a comment

Filed under Media, Military, Politics, Science

Getting a mute to lead the blind

Confused? Good! It has been going on for a little while, but Al Jazeera heads the setting of others with ‘Is the US crackdown on spyware firms just getting started?’, the article (at https://www.aljazeera.com/economy/2021/12/22/is-the-us-crackdown-on-spyware-firms-just-getting-started) gives us “The Biden administration blacklisted Israeli spyware firm NSO in November, but experts say more needs to be done.” Well, that might b e nice, yet the absence of evidence means that they take to the streets with the stupid and flammable people. It becomes even worse with “a collaboration by Amnesty International and a coalition of media outlets – revealed that NSO’s software was sold to authoritarian governments that used it to spy on political leaders, journalists, executives and human rights activists, including people close to murdered Saudi journalist Jamal Khashoggi.” As I personally see it, it was a collection of wannabe’s and fakes. They are that because evidence was not ever presented. And now the plot thickens, you think it does not? Well hold on, we are about to really up the throttle on this.

You see Bloomberg hands over the evidence I claimed all along. I wrote in several articles that if that list of 10,000 numbers was real the NSO Group would have a $400,000,000 piggy bank. But Bloomberg gives us ‘Pegasus Spyware Maker NSO Group Throws Cash at New Ventures to Survive’, where we are treated to “Israeli spyware firm NSO Group burned through most of its cash this year in a desperate bid to move past the scandal surrounding its phone-hacking tool Pegasus, according to a person with knowledge of the matter and private financial documents seen by Bloomberg News”, this could be seen as implied evidence that the money was never there, as such the list has to be (to a larger) part fake. Something I saw in less than 5 minutes, but all these wannabe essay writers You know, the one the Guardian has in Washington DC, as well as a wannabe essay writer at the United Nations with an outspoken hatred of Saudi Arabia. All going on flames and friends, but not a lot of evidence. Last Week at Wired we also get ‘Google Warns That NSO Hacking Is On Par With Elite Nation-State Spies’, but I will get back to that. You see the Bloomberg article (at https://www.bloomberg.com/news/articles/2021-12-21/nso-group-burned-up-most-of-its-cash-to-shift-away-from-pegasus) also gives us “Two American funds have expressed interest in NSO’s Eclipse technology — which can detect, commandeer and land drones — and in its new big-data analytics platform, for which the company signed its first contract this quarter, the person said. Pegasus would either be shut down or brought under the same umbrella as the other businesses in a bet that U.S. ownership would improve its standing, according to the same person.” In this I personally think that these American Funds can go and get fucked (apologies for the language), you see if the NSO is on a blacklist, the Americans can go try and make it run on a kite. 

Although, there is every chance that China, Russia and optionally Saudi Arabia might want these technologies. So as we consider Wired giving us “The exploit mounts a zero-click, or interaction-less, attack, meaning that victims don’t need to click a link or grant a permission for the hack to move forward. Project Zero found that ForcedEntry used a series of shrewd tactics to target Apple’s iMessage platform, bypass protections the company added in recent years to make such attacks more difficult, and adroitly take over devices to install NSO’s flagship spyware implant Pegasus.” You see what Google (Apple too) isn’t telling you is that the transgression was possible to begin with. This is not some nerd in his mothers basement. This is the kind of person that can equal if not surpass both the NSA and GCHQ. More importantly both Google and Apple were not prepared, so just how many gaps are there in mobile phones? You want to complain about Huawei and their security dangers? Google and Apple are doing that all by themselves, just like Cisco did, but you probably missed those articles. Credit to Cisco of alerting everyone to this, but the media was eager to ignore it, much sexier to accuse Huawei without evidence.

So whilst the White House idiot gave the people a blacklisting, we get:  “NSO issued a statement at the time saying it was “dismayed” by the Biden administration’s decision and that its technologies “support US national security interests and policies by preventing terrorism and crime”” So now the parts are here, we get to my use of ‘White House Idiot’, fair enough! You see, as the finances show that members of the media have been lying (optionally by not vetting information). We also see that the members of the NSO Group might sell to anyone BUT the Americans. A stage that will cost America greatly, especially if China acquires this technology. So after they squandered weapons sales to Saudi Arabia (I am still hoping for my 3.75% bonus on sales to China), the setting is now that one of the most sophisticated pieces of intrusion software might end up where no one wanted it to go, it reminds me of the old saying regarding ‘A cornered cat’, and it serves the mother goose brigade as I personally see it and you can see it too, you merely need to look at the actual claims and the fact that we see words like ‘alleged’, we see ‘might be infected’ and we see no clear number system. No dashboard that gives optional validity to the claims by wannabe essay writers. 

You know what? I am slightly too angry. First the yanks go all out on Huawei whilst evidence was never presented, now we see that the 5G networks are AT BEST a mere 50% of what Saudi Arabia has and in case of the US it is a mere 1.4% of 1%, it is THAT slow. Now we see the same exercise and it will be anyones guess who ends up with the NSO group software. It will be up to the NSO group to decide, yet I feel strongly that it should never end up in American hands. A person should not be allowed to be THIS stupid and being given a slice of cake, if it does happen, it better be valued at several billions. If you are THIS stupid, you cannot be much of a software maker, so pay you will, optionally Google could buy it to make their hardware more secure. It is a stretch and it is a steep price, but it could mean that the Apple supremacy ends and that might be worth a bag of coins to Google. 

Yet the best moment was when I saw that the media nailed their own coffin (the finance bit), so whilst Wired and the Washington Post did the right thing, the others can take a long walk of a short pier as far as I see it. Oh yes, the Wired article was at https://www.wired.com/story/nso-group-forcedentry-pegasus-spyware-analysis/ 

One day until Christmas, I reckon it is that time of the year when we take a little more time to see what weapon systems are out for sale. I need a new hobby!

Leave a comment

Filed under IT, Media, Politics, Science

From one to the other

That is a setting we are all familiar with. We get one and it tends to lead to the other. This is as generic as it can be stated and it applies to pretty much anything. In my case it is more than speculation, although it is important to realise that speculation is part of this setting. The idea started recently as I got a hold of an interesting PDF, there are many like it, but this one is now downloaded and mine (a Stanley Kubrick pun). It is also a larger station in the actions of the CIA and NSA towards the ICIJ (their favourite tool) and the Pandora Papers. You know that trough of information with millions of documents and relying mostly on flames and 600 essay writers. There was a side I had suspected, but I am (still) lacking in evidence. Yet suddenly my eyes cross a research paper that was published in 2016. It is called ‘Analysing How People Orient to and Spread Rumours in Social Media by Looking at Conversational Threads’, yet the more I saw of it, the more the secondary station became ‘Analysing How People Orient to instigated Rumours in Media by starting Conversational Threads’. The research gives a lot and the setting of the ICIJ and the insanely stupid articles written by essay writers is starting to show a new surface. Now, I cannot state that this is the CIA and NSA, but the amount of transgressions leave the NSA as only viable option and as this is a stage to change the international political grounds of the US it seems more than likely that the CIA is holding the hands of the NSA (courting them) and that is a speculative view, but it is the one I have.

Consider the hundreds of thousands of documents. Consider the headlines we have seen and now we see ‘Panama Paper leaks: More than Rs 20,000 cr undisclosed credits detected for 930 India-linked entities, says govt’ (source: Times of India) and all whilst they still have had no time to make a dashboard. Now we can go with “India’s Income Tax Department has detected total undisclosed credits worth Rs 20,353 crore for 930 India-linked entities in the Panama and Paradise paper leaks, the government Parliament on Tuesday.” We can accept that, or realise that someone is there as a secondary channel whispering certain people certain things via another channel. Like: “I just noticed something interesting. Did someone look at the tax records of …..?” Yes, it is a bit of a stretch, but when you seek the original raw files and consider how many people were ‘suddenly’ found all whilst the ICIJ never gave a clear dashboard implies that there is some form of orchestration and no one is asking questions, especially the media.

We can go all conspiracy theory on this, or we can analyse (I opt for the second one), when you set out those threads things make little sense, it is almost top-line reporting by the chaotic, and I do not really go for that. 

To understand the link with the two elements, I offer “The spread of misinformation is especially important in the context of breaking news, where new pieces of information are released piecemeal, often starting off as unverified information in the form of a rumour. These rumours then spread to large numbers of users, influencing perception and understanding of events, despite being unverified. Social media rumours that are later proven false can have harmful consequences both for individuals and for society” from the article. In it self a statement, a theory (one that has been proven correctly) but a simple observation. I am altering it (to a small extent) to give us “where new pieces of information are released piecemeal, often handed to us as ‘from anonymous sources’ giving us a speculative ‘more than a rumour’ and eagerly accepted by the hungry, angry and frustrated media observers.” Here we need to observe two elements. Because my version fits, does not make it true, the data of this research was captured with other means and other observational investigations, you cannot take a research on Apples and a research on pears and combine them into research on fruit. It does not work that way, yet the eery side of how certain stages match and the ICIJ with their “We got it as long as we did not investigate the source”, If it was GCHQ, DGSE, FSB or the MSS, these 600 essay writers would be all over the limelight breaking that deal after the data was received, leaving us with the NSA and by popular foreign demand the CIA as a linked buddy. 

So, yes there is speculation and as long as you realise that you are OK. Yet the document (added at the end) shows a few more images (as phrases go) and that sets in motion a larger area of consideration (which is not the same as a larger stage). At first we see “One of the main challenges when studying rumours is to come up with a sound definition of the concept”, as well as “Highly reputable users such as news organisations tend to support rumours, irrespective of them being eventually confirmed or debunked, tweet with certainty and provide evidence within their tweets.” And when you combine the two you see the fictive validity of the ICIJ (as I personally see it). There is a snag, it is not out in the open, but the population at large is more and more questioning what defines a ‘reputable users’ and as such news organisations catering to certain elements are less and less seen as reputable. And there are cases all over the world where being first tends to imply that vetting can be done afterward. Not unlike the image below.

So as we see the escalation of the Pandora Papers more and more lacking clear evidence and relying on flames, there is now a perspective view that the CIA is setting a stage where THEIR political stage is altered and less desirable political players (and their wealthy friends) are suddenly in the limelight, with al the angry people aimed through emotional articles and flames.

Am I right? Am I wrong? 

I honestly do not know, but there is more and more published evidence adding to my side of the scales and it does not look good for the global press at present, or perhaps to the pool of media supporting the ICIJ with their own essay writers. I will let you decide, yet consider what is already out there and how the media is spiking its population to themselves for all kinds of reasons and why the neutral absolute truth is not considered. I am not super intelligent (more intelligent than most), as such others especially in media would have seen these elements, but somehow they do not report it, why?

I will let you brood over that part of the equation.

Leave a comment

Filed under Media, Politics

Reprising 39 steps

This is not about an alcoholic taking his 12 steps three times with 3 breaks. This is about a 1935 movie. An absolute masterpiece by Alfred Hitchcock. It is also one if the first exposures by Tinseltown of the use of industrial espionage. Over time there would be more cases and more events, yet the stage I saw today ‘Twitch confirms massive data breach’ (source: BBC) made me think of the earliest steps in that direction. Even as we are given “it comes at a time when competitors such as YouTube Gaming are offering huge salaries to snap up gaming talent, so the fallout could be significant.” This does not mean that Google was behind it, yet the larger stage is that Industrial espionage is at the seat of many corporations and these corporations have absolutely no idea what they are in for. There are no checks, no balances and at this point Twitch is in a stage where they could lose the bulk of their value overnight. So as I read “Twitch confirmed the breach and said it was “working with urgency” to understand the extent of it” I see a stage where a company was clueless and now less of a clue where their money will go in November 2021. 

Even as I think back to the 39 steps and the momentous line “The 39 Steps is an organization of spies, collecting information on behalf of the foreign office of…the design for a silent aircraft engine” but the one step they did not have in those days was the disgruntled employee. They can do in one hour more damage then Baker at MI-6 or Evans at MI-5 can do in a month, and companies are just not ready to take a larger setting of cyber and internal investigations serious. Fell free to doubt me and call +44 1242 221491 (GCHQ), they probably have a few leaflets and other information that will make any CTO cry like a little chihuahua. 

The problem how to go about it, as I see it it will be too late for Twitch, Microsoft was done for a long time ago and Google is one of the few who has a decent handle on cyber security. Yet the nightmare is actually a lot worse. To grasp this we merely need to take a look at ‘Industrial Espionage: Criminal or Civil Remedies’ by Gillian Dempsey (at https://www.aic.gov.au/sites/default/files/2020-05/tandi106.pdf) the quote “Australian companies should be mindful that competitors, and nations which might be hosts to Australian investment, may have a strong interest in Australian trade secrets and other economic intelligence. Although its incidence and prevalence are unknowable, industrial espionage by governments and private sector institutions is a fact of contemporary commercial life. Recent developments in the technology of intercepting communications make such activities easier to undertake and more difficult to detect than in the past.” There are a few issues and the biggest one is partnerships, find in that partnership two disgruntled employees on both sides of the fence and that company is pretty much doomed. Even if the law becomes adequate, the rules of evidence will get in the way because the bulk of ALL companies have a lovely disregard of non-repudiation, and the third party exploiting the two angry people will laugh all the way to his zero tax haven (Cayman Islands anyone?) And that stage will grow and grow, because there is a board room believe that their company will not get into that, all whilst they cannot see the pie chart as the chunky blubbernaut in the room ate it. And the game gets to go from bad to nasty, with cryptocurrency the appeal for many increases whilst the ability to find the people involved goes from tiny to a number approximating zero and the law is not ready, it hasn’t been ready for several years and as sources give us “One of the reasons why corporations engage in industrial espionage is to save time as well as huge sums of money. After all, it can take years to bring products and services to market and the costs can add up.” This is true but it is the setting that several people who were dismissed ended up with huge starting bonuses whilst being as productive as the janitors paperweight in that new company. So when did you get $675,000 a year with a startup bonus of $3,500,000 plus a piece of real estate in the Cayman Islands for surfing Facebook all day long? That is the setting that some companies face and until they adjust the safety in their firms, they are the companies with huge neon lights and the neon phrase ‘sucker’ right next to it. I was taught about non-repudiation at Uni 14 years ago and so far the amount of companies taking it serious is just as close to zero as the people getting convicted of it.

So whilst the media is flaming the $13,000,000 total twitch payments, we are all looking in the wrong direction. We see one side, and this might have been by disgruntled people (my speculation) but it was an attack of a side that Amazon had decently solidified, so what comes next and when will it impact something that YOU depend on? There was a lesson and it was handed to the people in 1935, so why did the decision makers not take the essential steps?

Perhaps they were done in some places but there is at present no evidence that any were done. 

Leave a comment

Filed under Finance, IT, Law, Science