Tag Archives: GCHQ

A spooky situation

It is another day and another article from the Guardian graces us. The headline ‘Isis beheading video brings calls for rethink of UK domestic terrorism fight‘ (at http://www.theguardian.com/politics/2014/aug/21/james-foley-isis-beheading-uk-counterterrorist-fight-in-crisis), was what called my attention. If ISIS events are now making Twitter change its policy, then I definitely need to take another look at the other articles. Yet, what is the Guardian article actually about? The article goes into several events, but has two parts that do matter. The first one is “The UK government was under pressure to rethink its approach to tackling domestic extremism as security services, led by MI5“, which is only part of an ’emotional sentence’ to rile the public. The second one was “Some 500 Britons are believed to have gone to Syria and Iraq and joined Islamist groups fighting there. Some 200 are estimated to have returned to the UK“, the rest are nice titbits, but the meat is there, now for the funny part. I already highlighted that need and that issue on June 8th 2013 in my blog ‘Privacy and (fake) fears‘, where I wrote:

They need these abilities to fight the existing and growing threat called ‘the lone wolf terrorist’. These people are guided by sources like ‘Inspire’ magazine, which is created by AQAP (al-Qaeda in the Arabian Peninsula). It is however not that simple. The real lone wolves get their ‘guidance’ remotely from sources most do not know and all that under the eyes of the Intelligence Community. To have a grip on stopping these people, monitoring the internet is essential to keeping us the common people safe.

This is why all these false ‘privacy’ driven issues. I personally still believe that a fair bit is scared to be caught out as they are doing the girl in the office, the neighbour’s wife or have a few dodgy fake investments lined up. Lust and Greed tend to be excellent bringers of worries.

I did like this quote “Former officers from MI6, the UK’s foreign intelligence service, have downplayed the threat to British security, while MI5 and the police have emphasised the threat“. I think they are both right, let me explain. ISIS has other fish to fry, for the most it wants to extend through Jordan into Sinai, when they have three sides pushing Israel and mounting up pressure to Egypt, possibly hoping to radicalise the members of the Muslim Brotherhood that are in hiding now. That would be their first interest in setting off the ‘tinderbox of agony’ (sorry, I was playing Diablo 3 last night). So, that proves MI6, but what about MI5? Well, the 200 returned soldiers are still in the UK and it is very likely that part of that group is more in league with the vision of ISIS than the safety and comfort that the UK had offered them as they grew up in the UK. These people can convey messages, set up new ways to deliver news (like through private channels in a MMORPG game in Facebook or freely downloaded, which is impossible to monitor) and recruit new people who have not left the UK, which would be a disadvantage to MI5. Now it is important to know that this is all speculation on my side. I cannot prove that this is happening, but is it not more likely than not that an extremist would like to propel his ‘rightness’ onto others? In that regard it might be nice to read ‘Avoiding the Traps of Extremism‘ by Samuel López De Victoria, Ph.D (at http://psychcentral.com/blog/archives/2011/10/07/avoiding-the-traps-of-extremism/). It is a decent piece, it is easy to read and it gives you a view that many can easily relate to. It also highlights on the dangers why extremism would be too easily brought to the hearts of the younger followers. No matter how much better life is in the UK, people there have had a very hard decade and only now, slowly is there the chance, not the assurance of economic relief. These recruiters are here in the twilight of a recession recruiting those who are at the end of their patience and that is what MI5 can clearly see (and with them a few others).

So they are both right, but there is a third part to this. This is again pure speculation, but from the events, when proven true, we could come to the conclusion that ISIS is playing a different game again. It is almost like someone took a look at American football and we see that they do not have one tactician in charge but two. Almost like offense and defence, but in the case of ISIS it is the daytime war commander for armies and open warfare and a night-time tactician, who is setting up the play for the lone wolf tactics. Perhaps the death of Osama Bin Laden taught them to not leave it all with one man and if that is true, what other changes did they make?

This is where I agree and disagree with Dr Erin Saltman who stated that the best way to identify the lone wolf is that if this person makes a mistake and tells one family member then they might call the police. I reckon that Erin is on the same train I am on. My disagreement is because I think that the chance of that is extremely unlikely and if we want to stop these lone wolves, we need an entirely new playbook, because the current approach is unlikely to work. I still believe that in the end it will be GCHQ that will need to bring forth the innovation that will allow MI5 to complete its mission, because message traffic has forever been the only weak link in any war that required communication.

A few come to mind, but none will be revealed here. Good hunting!

Filed under Military, Science

The hungry Journalist games

Another day and another article on Sky News!

This all started a long time ago, but it seems that this article (at http://news.sky.com/story/1293651/internet-firms-take-legal-action-against-gchq), opens up new avenues to explore, as it already had taken the cake as one might say. There are issues for certain, they are on both sides, but what is this about?

The seven countries involved are the UK, the US, Germany, the Netherlands, South Korea and Zimbabwe. Let’s start by stating that this is an interesting group of nations to begin with. It was an article in Der Spiegel that set them off. Most sources seem to have copied and pasted the same message (Reuters Journalism as I tend to call it), one source also had this: “Their complaint follows in the wake of articles about mass surveillance published in the Guardian based on material released by Snowden“.

So again this could be a ‘Snowden’ story, but I want to take a look at another side and the quote by Eric King spokesperson (deputy director) of Privacy International who stated “It completely cripples our confidence in the internet economy and threatens the rights of all those who use it. These unlawful activities, run jointly by GCHQ and the NSA, must come to an end immediately“.

Is that the truth, or should the correct quote be “It completely undermines our support of optional criminal activities and threatens the opportunity of economic abuse for all who desire it. Their unlawful activities, run jointly by GCHQ and the NSA, must come to an end immediately, so that we may again focus on possibly deniable illicit profit“?

That is quite the change, isn’t it? Consider the following two issues. First the prices, for example ‘Greenhost’ offers the following:

Webhosting 120 GB storage and 1.2 TB data traffic for 132.75 euro’s a month and virtual data servers containing 50 GB storage and 1 TB bandwidth a month for 215 euro’s a month. Basically, just one account would fit the web space for most of the ENTIRE Forbes top 50, not just one or two.

So, in light of recent events, I thought I had something here, the Dutch provider fits the bill, but then I got to Riseup, which no longer seemed to be active and the Chaos Computer Club (CCC) which seemed highly ideological to me. More important, it did not fit the bill either. So am I barking up the wrong tree? (I have been wrong before you know!)

I still believe that the ISP’s are all about not complying as it is not about freedom, but about bandwidth (which directly translates into revenue), which seemed to fit the first part, but the others are not about that, which makes me wonder what is in play. Do you actually think that the NSA and GCHQ are about wasting time? So, is the Chaos Computer Club a waste of time? No, as far as I can tell, they are not. Are they a threat? Well, that remains the issue. They are hackers after all. Is it that farfetched that some people would want to keep track of some of these members? Let’s not forget that someone is feeding organised crime the knowledge that they need to avoid prosecution, when considering the power that both the Triads and the Russian Mafia have in the digital age area, looking into the CCC to some extent seems to be a given. However, knowing their skills, doing it in the way it is implied to have been done seems a little over the top as most of these hackers are pretty proud of themselves and they are for the most not in hiding. Let us not forget, they voice themselves to be about the freedom of the German people and the utter privilege of their data remaining private.

The fact is that this is an implied mess involving 7 countries, the next valid question becomes: ‘are they linked (beyond the accusation), or are they just a collection of elements?’

That question bears scrutiny, but should also indicate the view I have had of Snowden from the very beginning. I believe him to be a joke (and a bad one at that). Now, most of you will not believe this, but let us take a look at the EVIDENCE. I am not talking about some claim, but actual evidence partially on the common sense you and me hopefully tend to have.

1. The claims that he has made involve massive levels of access. Not the access a hacker will ever have, but the information from top level sources in the CIA, NSA and GCHQ. So we’re talking hacking into over dozens of top level secured servers, servers which are monitored 24/7. He, some hacker no one had ever heard from, did all that. These people behind the screens do NOT EVER give out passwords, do not give access, yet he had all the information and walked out of one of the most secure buildings in the world with all THAT data? This is a quote found in sources like ‘the Verge’ and ‘Wired’. I think we can agree that Wired is a reputable source in regards to technology (at http://www.wired.com/2013/06/snowden-thumb-drive/) “‘There are people who need to use a thumb drive and they have special permission,’ an unnamed, ex-NSA official told the LA Times. ‘But when you use one, people always look at you funny.’” This is not unlike the view I have had for a year now. Let’s not forget, the NSA is the place where SELinux was developed, it was designed to keep close tabs on access control, specifically, who, where, how and with what. So ‘some’ technician, with the USB drive in the most secure server space on the planet is just not going to fly. The question I had from the very beginning is not how he did it, but what was actually at play here? The next part is assumption! Was it to give Booz Allen Hamilton more profit? That was my alleged first thought. If data was going to get ported to non-government institutions, this small caper could give BAH and whoever was getting oversight an easy and clean billion a year in revenue. That tactic, still ethically wrong, would have made perfect sense to me.

Here is how I see it and this is PURE assumption (I will get back to evidence in a minute for my next issue), consider the Microsoft disappointment with data collection plans for the Xbox One. We see some of the changes (at http://www.nytimes.com/2014/05/23/us/politics/house-votes-to-limit-nsas-collection-of-phone-data.html). The following quotes are essential here. The first one was from Jim Sensenbrenner, Republican of Wisconsin, “The N.S.A. might still be watching us, he added, but now we can be watching them“. It is a bold statement, but is it true; moreover, should they be watched? Yes, any intelligence operation needs oversight, which is fair enough in a democratic way of life, but how many should overlook this? Are the people in oversight not granted well above average powers and is it fair to any opposition party that they should have it?

2. What lies beneath this access is the amount of involvement. Prism is one of the named projects with supported links to Australia, the UK and the Netherlands, with Microsoft as a commercial partner. Really? One nation, known for clogs, cheeses, Hans Brinker and soccer is placed next to the NSA and the Commonwealth? It is a technological hub, no doubt about that, but it is the size of Maryland. So, this is just the first of several projects, involving secrecies that would be limited to the very top, most of it would not be written down and Snowden had it (as in having in past tense, details follow). The mention of projects like XKeyscore, Tempora, Project 6, Stateroom, Lustre and Muscular. They are not only different projects, but they are a scope of projects that would not ever be in one location to begin with. So, what is implied as ‘the top’ of data gathering and one IT person has it all? Is no one asking the questions the PRESS should have asked and openly doubted from the very beginning to begin with (a part that is not voiced in any way).

The funny part is that stateroom seems to be no more than the legal collection of information as EVERY government tends to collect diplomatic data and in his claim he made them ALL bitches to the NSA, they just do not know it. There is also a reference to Echelon, there are several references, but the one that matters is not named. A covert niche within the NSA and the name of the source is: Tom Clancy!

Is anyone starting to wake up now?

This is not about anything but the warped imagination that is not even close to a reality. Consider that every government has embassies and consulates, the Dutch have them, the Australians have them, so do the Brits and the Germans, not to mention the French and they have them too. Consulates and Embassies represent their governments. Consulates tend to be specific for people and companies, so that they have backups. Like getting home when your passport is stolen, or to help a company with a list of people they should talk to for starting to do business. Trade will always remain important anywhere. Embassies are more about ‘governing’ opportunities as I see them. The Dutch want to get first dibs on building a reliable bridge, so their ambassador talks the great talk. People skills is what it is all about and talking to the right people. There are other sides too, they try to resolve issues, like a Dutchman committing a crime in Melbourne (for example) and the Embassy tries to ‘help’ the Dutch person to get home again, or to assist local government with their investigation if need be. These people do work that they sometimes like and sometimes hate, it is a job that needs to be done. To get the best results some things need to remain confidential and secret and as such whether through encrypted ways or through other ways messages go back and forth between a government and its local representatives and that needs a little more security. Some is as simple as a message of a first insight as to build a bridge; to keep the advantage this goes encrypted. It is the cost of business, plain and simple. There is no hidden agenda (other than national pride in trying to score the job). So, they do their job and they are not the NSA bitch in the process.

It is a simple approach and the lie hidden within a truth was stated as “They are covert, and their true mission is not known by the majority of the diplomatic staff at the facility where they are assigned”. Part of the truth is that the encryption specialist is usually not known, it is not a secret either, he used to be the person, who had one extra book with cyphers, he opened each page and set the encryption box and transmitted the information, often an NCO of communication (often has NATO duty reference A00x0). That person had two extra tasks and most in the diplomatic staff might not know, or better stated, they absolutely do not care.

When we saw the statements by certain key people in Australia or the UK they spoke the absolute truth. The small explanation I gave is done by all, the DSD (AUS), GCHQ (UK) and as I said it the Dutch have it too. It is a simple legally valid and required job that needs to be done, nothing secret about it, it is the cost of doing business and sometimes, to keep a lead profitable it sometimes gets handed over more secured, just like they do it at Microsoft (they just get heaps better equipment).

Another issue is the XKeyscore reference. Does such a thing exist, most likely! Now consider the implications of the following, there are mentions of 700 servers in 150 locations. The fact that it needs to intercept without visibility and analyse at the same time as a person does many things at the same time. Even if the best of the best was used (which likely is the case), then we are looking at a very select group trying to get a handle on perhaps no more than the most dangerous 2000 people on the planet. Does anyone believe that a system like this remains a secret if 4 Australian bases are involved? The next part can also be taken as a fact. Can anyone even guess the amount of bandwidth this takes? Most routers nearby the monitored person will truly get a beating, so whatever this is, it will show up. It is the scope that is claimed that makes no sense. Some in the NSA might find it nice if it was true, but the weak link in all this is the actual internet.

The last part of this is the kicker in this joke. If his life depends on it all, do you actually think he would ever part with the information? This came from the NY Times from October 2013 (at http://www.nytimes.com/2013/10/18/world/snowden-says-he-took-no-secret-files-to-russia.html) “Mr Snowden said he gave all of the classified documents he had obtained to journalists he met in Hong Kong, before flying to Moscow, and did not keep any copies for himself“, so his life depends on a journalist, who now has the thousands of documents?

Perhaps we should look at a much more likely explanation, the man has no value, the press is stretching the value of events, as they would and Snowden has played his part, I still think that the Chinese saw in him what I saw from the very beginning, a simple joke! They walked away and he had to flee to Russia who is keeping him around for entertainment and to piss off the Yanks (which they also regard as good entertainment). My issue is not him, but the fact that I see more wasted time and energy on laughable cases that keep us all away from actually moving forward. In this economy, as we are so stretched thin, rebuilding an economy is a first need, not waste time on some feigned attack on the ‘confidence in the internet economy‘ as Eric King puts it.

And for the love of whomever, let’s not compare Snowden and Assange, I completely oppose Assange and his view, but at least he seemed to believe in that what he did was a just cause and acted accordingly.

In the end this is just my view, but no one seems to be asking the questions the press are supposed to be asking. The Guardian and Der Spiegel seem to get a ‘free’ hand in boasting tons of data and a simple stamp ‘Snowden said it was so’ seems enough for people to just accept it.


Filed under IT, Law, Military, Politics

The price of a passport!

We all have our moments; we all have that moment when we need to prove that we are the person we are claiming to be. Many of us have been through it more than once. When we turn 18 and we go traveling, when we need to apply for loans, mortgages and other financially linked issues. We must prove that we are who we say we are. It is at that time that we need to have a passport and even though, except for travel over national lines it is not essential, it will always be regarded as the most correct proof of identity.

It is the dream of an identity thief, the dream of a refugee trying to get to any level of a safe life. A passport will have that magical shield value. Whether you live in one of the Commonwealth nations, or in many of the western European nations, we seem to forget just how powerful a passport truly is. Those who got theirs seem to forget the hassle it is to get one for the first time. So when the article (at http://news.sky.com/story/1286601/passport-office-profiting-from-publics-pain) appeared, I was not that surprised, even though the term ‘profiting‘ seemed out of context.

Most passports are valid for 10 years and the freedom of a passport is often beyond most imaginations. At http://en.wikipedia.org/wiki/British_passport#mediaviewer/File:Visa_requirements_for_British_citizens.png we see the freedom a British National has. It allows a person to pretty much go anywhere within the Blue and Green regions at the drop of a hat. We all take this level of freedom for granted at times. The Dutch passport can get you in all these places as well as in a limited way into additional Middle-Eastern places (1 or 2). So when we look at a passport, we often do not realise the power it holds. I myself got confronted with the notion in Crete, when I was having a coffee with a Russian Lady on vacation. She explained the hoops she had to go through to get to Crete. Her passport did not give her the tropical destinations at the drop of a hat and to go shopping in Saks on fifth was a joke she could not seriously entertain ever.

Now let’s take another look at that little trinket! Whether you have a thin one, or one with 12 additional pages, you will set yourself back for a decent amount of coin. You think that it is expensive, taken the time-frame, a passport is less than 8 euro’s a year and it is an essential document in your life. There is of course another side to this. As everyone wants that piece of paper, you want to keep a good check on it, and the application for it is a time consuming process. So much so that those behind it need to make sure that this document keeps its value. It was at this point I started to wonder about a few issues.

The article had a few quotes that give pause for us to think issues through.

“The figures showed there were 552,192 applications in January this year compared with 482,356 12 months earlier” is the first quote, “There are still 490,000 applications being dealt with and staff have had to work the equivalent of nearly £1m in overtime in one month” is the second one, “It is baffling why immediate action was not taken to alleviate the impending disaster that has now engulfed HMPO.” is the third one and “The Passport Office is ‘profiting from the public hardship’ by making a surplus of almost £13 on each application, the head of a government watchdog has said” is the fourth one, but the first one to be mentioned. This is all coming from Keith Vaz, Labour MP and funny enough, a person who started life as a Yemeni citizen.

It is nice to see such criticism, but how fair is it? Consider the UK has close to 64 million people. I have no clear number on how many are ACTUAL citizens, but for the fun of it, let us assume 100% (which is ridiculous I know), this means that if all is equally set, the HMPO would need to produce 6.4 million passports a year, which is a little over 533 thousand a month. So how are the numbers as quoted by Keith Vaz MP a surprise to anyone?

I reckon the HMPO should know that these numbers would need to be met to some degree. Here is the kicker! They are not surprised and I feel certain they are trying to deal with it. The problem is that hackers are getting better and that more and more systems are compromised, so before we go into that part, we should recognise that over the last 10 years the work of the HMPO has grown in complexity and they are relying on the part of these systems that cannot get compromised by these hackers, mainly the printed documents and original papers (as are likely seen in those massive binders). The Honorable Mr Vaz seems to be ignoring those parts.

As for the 13 pounds, is this even a valid number? If we consider the amount of actions required, checks to be made and then the actual passport to be created, checked and handed to the right individual, a passport is a real deal at twice the price. The fact that 1 million in overtime is quoted; the 13 pounds profit would be non-existent by the time the actual costs are added up. The one part where he does have a point is that the HMPO should have been a lot larger, but getting qualified staff there is not an easy task. Let us not forget that even though extremely important, this job does not have the Jetstar double zero seven appeal that a branch like GCHQ or Special Branch offers. The initial view many might have is that this is the dream job for a CPA fantasizing about libraries, which is not the largest target area in any nation, but this work needs to be done!

So as the HMPO is dealing with this passport issue, we need to take into account that this problem can only be solved with reliable systems (which is becoming increasingly difficult), millions of people are victims of identity fraud, which makes checking of some details increasingly harder and as paper trails are slowly diminishing, the HMPO will have to add more effort in making sure that the created passport is for the right person and whether the requested person was the actual person. I know it seems weird, but the moment someone has YOUR passport you will learn the hard way on those consequences.

Now it is time to revisit my remark on Mr Vaz’s original nationality. This was not some cheap shot and even though it is at times fun to have a go at labour even just for the hell of it, I do have respect for Mr Vaz on entering public life and his decision to support the British system. He has my sympathies and respect in that regard. No, it is about what a person from Yemen was able to reach. In that regard Mr Vaz needs to be reminded on where his Yemeni passport got him (at http://en.wikipedia.org/wiki/Visa_requirements_for_Yemeni_citizens). As you can see his VISA free options were not that impressive. As a Yemeni citizen, he can see less than 10% of the world his British passport (or EEC equivalent) allows him to see without a VISA. This directly links back to the power a passport (his British one) grants him. So, the UK is dealing with a backlog and this backlog must be dealt with carefully if the HMPO wants to keep the value of the British passport high.

If not, the consequences of devaluation will hit anyone with a British passport, which could impact hundreds of innovators, who now travel the world seeking new ideas.

Still Mr Vaz did make valid points by shedding light on this; the problem is on how to solve it. Theresa May is announcing additional measures (at https://www.gov.uk/government/news/additional-measures-to-meet-high-passport-demand). These measures seem good, but are they? They are an essential patch, but the numbers as they are shown to us, give way to the thought that a better and more permanent solution must be found. As for additional jobs, here is a possible option for matured interns to take a centre seat. I grant that oversight is needed, but the UK is filled with retirees and ex-servicemen who are very trustworthy, all just hoping to get a decent job. If initially 100 could be added to get some of the grunt work out of the way, would that not speed things up? So the lowest staff member of the HMPO would now become a small manager, each receiving the files from up to a dozen new interns. Yes, issues will rise, yes some will not be complete, but they now will get a surplus of gathered facts. Instead of going through 1-2, they will go through 11-20 of them. In the beginning, 80% will get sent back to the intern, but as the initial week progresses, the processed files will get to 70%-80%, giving the one HMPO officer close to 10 times the processed files. A staggered approach to this will raise the numbers of passports dealt with and the mountain of outstanding passports will soon diminish to some degree.

In many ways, several nations will have to change their way of thinking, in this situation we add to the working pool, we see an outstanding issue resolved to some degree. This is just one solution that would not cost the government millions, which is always a good side.

Filed under Finance, Law, Politics

For free or for naught?

It is less than a day after I wrote the previous blog ‘The danger ahead’, now I read in the Guardian (at http://www.theguardian.com/world/2014/jan/27/nsa-gchq-smartphone-app-angry-birds-personal-data) that the quote I made in yesterday’s blog “Speed and disregard of proper development has allowed for open access to many computers and devices, which allows for almost complete collection and stored and such storage can only be done by just a few. This open level of availability allows the NSA and GCHQ (amongst others) to collect open source intelligence, hoping to gain the upper hand in the war on terror.“, which is close to what the Guardian reported, as well as what is currently shown on Sky News!

At this point, I am looking at a few issues and the more I look at the data that the press is stating, the more I see that Edward Snowden is more than just a traitor. He claims being a victim in a German TV interview (at http://www.dw.de/wanted-dead-by-us-officials-snowden-tells-german-tv/a-17388431), where he speaks the fear that he is being targeted for long term sleep therapy (aka ‘terminal sleep’).

The ‘problem’ is that the issue is not just Snowden. The more I look into the breaches, the more I look into a possible functional approach on the way the NSA server parks (plural) are set up, the more I am convinced that not only was Edward Snowden not alone in this all, I feel some level of certainty that this person might still be in the NSA, endangering both NSA and GCHQ as well as other allied monitoring agencies.

The humongous amount of ‘revelations’ that are claimed in the name of Snowden do two things. First of all it turns Benedict Arnold in a stumbling saint (I just had to wash my mouth with soap for making such a claim). Linked to this is the fact that the many dozens of operations as his ‘revelations’ seem to touch on would have been on at least a dozen of servers (as projects are spread around). The fact that NSA uses an upgraded edition of SE-LINUX means that a system with logs and mandatory access control cannot get transferred to such a degree. The fact that IT and security monitors it all, as well that he was civilian contractor means that his name should have popped up a dozen times. Even if he used other accounts, the logs should have triggered alerts all over the field when they were scanned through solutions not unlike a program like Palantir Government.

The claims I am making are growing in reliability with every ‘revelation’ that is being made. There is however another side that is now the consequence of all these whingers and whiners about ‘their privacy‘ (at http://www.theguardian.com/world/2014/jan/27/tech-giants-white-house-deal-surveillance-customer-data). We now enter a field where it is important to realise that the new situation could be regarded as a danger.

It is linked to a previous newscast where President Obama was considering moving telephony data out of government hands (at http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/23/government-privacy-board-members-say-shifting-nsa-data-to-third-parties-is-a-bad-idea/)

As stated before, this is a really bad idea. Consider that criminals, if enough money is in play, can use places like HSBC to launder their money (I am not talking about forgetting your wallet whilst washing your jeans), but the idea that commercial enterprises can get away with these events for just a 5 week fee (at http://www.forbes.com/sites/afontevecchia/2012/07/16/hsbc-helped-terrorists-iran-mexican-drug-cartels-launder-money-senate-report-says/, as well as http://uk.reuters.com/article/2014/01/23/uk-standardbank-fine-idUKBREA0M0LF20140123) is a lot more dangerous than many realise. Handing data storage out of government hands is just too dangerous. I am steering away from the issue whether the monitoring program should go on or stop. The intelligence community needs to do what it needs to do. Leaving that data with third parties is just not an option. The worst case scenario would see the US government paying out billions if any data leading to a registered IP ends up in ‘other’ hands. Once that evidence is ever given, the US would lose whatever credibility they ever thought they had.

At this point the title can be used as a joke. What is the difference between for free and for naught? Someone got rich for free, the US got rich for naught! That would end up being the reality of a project that was meant to map levels of global terrorism. This joke only gets stronger when we see another ‘view of shock’, but now from Google CLO David Drummond (at http://www.bbc.co.uk/news/world-25911266). It is hard to state against his view, or the premise of the company. These carefully pronounced statements from legal eagles are to be expected from many firms for some time to come. There is however a commercial positive view (at http://www.bbc.co.uk/news/technology-25914731). Here we see how entrepreneurs in makeup and clothing are showing options to avoid detection. In more than one instance it is stated to be metal based, so standing next to airport detectors should be fun soon enough. I wonder how much more would get checked when the boxers or briefs are also metal based.

So whether we get entertainment for free or fashion for naught will be discussed by many soon enough, the main fact remains. If we want to remain safe, then data needs to be collected. It is not for free, or for naught. It is for the simple reason that the world is filled with bad people; some will go any distance to hurt as many as they can. Our governments have a duty to keep us safe, it is only fair that they are given the tools, the methods and the opportunity to do so.

This does get us to the final part (or final side) to these events. This morning, the Guardian (at http://www.theguardian.com/world/2014/jan/28/microsoft-rules-out-back-door-access-to-mps-electronic-communications) reported on backdoor access allegations. The quote “Both Ludlam and South Australian independent senator Nick Xenophon have been concerned about the security of Australian parliamentary communications since the Prism surveillance program was first revealed by National Security Agency contractor-turned-whistleblower Edward Snowden.” gives the information that was the part of all this. So again we see more resources squandered in regards to Snowden. Do not get me wrong, the question by both Ludlam and Xenophon is fair enough and as such it should be looked at. Whoever wants access to certain information, which might always be the case, could consider intruding into a system, which, unless you are a real expert, is getting harder and harder, as it should be.

Yet, capturing and copying frames sent over a router system makes a lot more sense. You just capture it all and decrypt it later. Now, most people will not have the ability to do this, but consider the amount of elements to get this all from user1 to user2 via server X. If you think that this is a highly encrypted, hard-to-achieve effort, then think again. The more common the method used, the easier it is to read into it. So, there is a level of entertainment as we see leagues of technicians concentrate on the door of the bank vault, whilst in reality one of the walls is missing. To give you another example, we take a look at a paper by Daehyun Strobel, Benedikt Driessen, Timo Kasper et al. (at https://eprint.iacr.org/2013/598.pdf). We look at the quote “Despite the fact that nowadays strong and well-analyzed cryptographic primitives are available for a large variety of applications, very weak cryptographic algorithms are still widely deployed in real products all over the world.” This relates to the IT issue as we might have secure servers and powerful password rules, but files are sent from one computer to another via the ‘internet’, which goes via a router system (no matter how you twist or turn it). So, as someone gets to any router on the track and wiresharks the traffic, the stream can be rebuilt. From there the hacker still faces a few obstacles, but you better believe that above a certain skill level, this data can be retrieved. So what exactly are we all crying about?

 


Filed under IT, Media, Politics

The danger ahead

It was the BBC that gave me an insight I had not been aware of. It is easy to miss an item, even though I have been involved in IT on many levels for over 3 decades. It is just not possible to keep it all in focus all the time.

It is kind of fun to consider the words of my late grandmother. It was the only issue we could never see eye to eye on. She had an expression ‘Johnny of all, master of none‘. It was not a positive expression! I always went the other way in that regard. Whilst most went to some ‘temporary’ master as they mastered a certain niche skill, I went into the width of IT. I got exposure to such a wide field that my knowledge covered the entire foundation of IT (yes, in the time of the mainframe). After that I started to grow the base of this knowledge, trying to evenly grow my knowledge of all IT fields (to some degree). My knowledge grew from programming, to consulting, to training and so on.

So where is this going?

I wrote at an earlier date about IT and the iteration approach to IT (at ‘Year of the last Euro?‘). The entire field goes a lot further. In an age of similar devices, last week as I was prohibited from moving for 4 hours, I decided to let my mind wander and I came up with an entirely new Notebook. I categorise it as a fat notebook and I call it the ‘True Mobile System’. In an age where Sony, Asus, IBM et al. seem to come up with different names for the same flavour, my mind designed a new approach to a mobile business system.

Was it clever? Not sure! The issue is that many could have come up with it and either they are limited to what their boss dictates or they are just not thinking in a user based forward motion. Here lies the crux of many issues we have seen lately. Their way of thinking is not user based. It is often revenue based, there is a HUGE difference!

If you have read my previous blogs (especially ‘Fifth in a trilogy!‘) then you might notice a trend. In my mind most corporate IT is now all about what is in charge, not who! So as marketing decides on deadlines and evolutions, many learn the hard way that marketing is basically the extension of the CFO (and/or the stakeholders) and as such it is all about the money. If development is the science, then marketing should be seen as the ‘tainted’ picture. The problem is that too many CEOs and others are all about this tainted picture (and as such the perception of what comes next), the science/engineering side gets too often ignored, or just briefly listened to and after that they get shut down and pushed forward to meet the deadline.

In that regard I still see the game ‘Assassin’s Creed 4’ (yes that pirate game), which could have been truly great and ended up being less than that (at least in my personal view)! The same can be said for business based ideas. If we consider this message (at http://www.bbc.co.uk/news/technology-25859360), where Google Chrome might be considered an eavesdropping risk, then what is safe to users?

The quote “The malicious site you visited can continue listening in on you long after you have left it said Mr Ater. As long as Chrome is still running nothing said next to your computer is private.” gives ample reason for worry. The danger from our side is that this could be a topic for conspiracy theory. Was this really ‘accidental’? I am not saying it was or was not. It is however interesting how we as computer users have been exposed to a massive amount of security flaws in the last year alone.

In my mind, is this due to shoddy programming, or is their local marketing so set on certain deadlines and as such proper testing is no longer done? I personally think it is a combination of the latter two. As additional ‘evidence’ in my train of thought, my recent Yahoo experience comes to mind.

I have been a faithful Yahoo user since the early 90’s, for me it always sufficed. The e-mail was robust, it gave me the space I needed and as such I never regretted it. Yet, since the ‘remake’ of Yahoo it changed by a lot. The amount of failures I viewed are on a new low level of customer experience and as such, at present I am seriously considering leaving Yahoo mail and moving to Google permanently.

The feedback does not have any options for filing bugs or complaints. It is all about ‘submit an idea‘ and ‘send public feedback‘. To me this all seems like the marketing image left by someone who should be lobotomised and left somewhere far away from any IT endeavour (preferably forever). Yahoo mail now exposes us to additional dangers as we no longer see a status bar in certain places. So, we no longer see ‘the’ link, which I consider a bad thing. The new system also ‘assumes’ spam, so I now have to scan my spam even more often. I can no longer sort by sender, which means that organising my inbox takes a massive amount of time longer. The list goes on and on. Is it marketing at the expense of functionality? To be honest, I would need a little more evidence before I can state that as a fact to some level, but the deadline push has been visible with too many corporations and for far too long.

These issues go a lot further when you consider the article called ‘Android’s biggest security flaws‘ at ZDNet (at http://www.zdnet.com/androids-biggest-security-flaws-1339338283/). As they mention the dangers of inexperienced and malicious developers, they actually forgot about the third group, the ‘callous developer’. These firms (not the individual programmer), who are all driven to meet certain deadlines and as such might not properly test or secure their application.

It is important to note that I do not see the inexperienced developer as a real threat. Yes, they offer the same level of danger, but they are not out to harm you. You, the user, who wants applications for free (as many do) should not blame that new person for trying to get a foothold. If that developer is to be held for one thing, then in my mind it would be that too many of these freebies should bear the mark ‘Beta’ or ‘Trial’, to add an extra warning level for users downloading their new endeavour.

The big issue becomes: ‘What to do about Android?’

As the influence of Android increases and it interacts with all manner of devices in other ways (like with a person’s Sony-id account, so that a gamer keeps online with friends and achievements when they are not at home), security flaws become more and more harmful. More important, as we become more and more oblivious of the interaction, we might be spreading all our personal details all over the internet and that danger could grow exponentially with every additional application.

These events also shine an interesting light on an article that was in the Guardian last Friday (at http://www.theguardian.com/uk-news/2014/jan/24/justify-gchq-mass-surveillance-european-court-human-rights). When we consider the issues I listed on application security, we should take a second look at the quote in the article “Nick Pickles of Big Brother Watch said: ‘This legal challenge is an essential part of getting to the bottom of why the public and parliament have not been properly informed about the scale of surveillance and why our privacy has been subverted on an industrial scale.’”

Perhaps the quote could also be read as “Speed and disregard of proper development has allowed for open access to many computers and devices, which allows for almost complete collection and stored and such storage can only be done by just a few. This open level of availability allows the NSA and GCHQ (amongst others) to collect open source intelligence, hoping to gain the upper hand in the war on terror.”

I am not stating this is the case, but it could be seen as such. In that regard I call for the issue I mentioned in a previous blog called ‘Internet Privacy?‘ on December 27th, where we see the dangers of some applications (at http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers). If we consider the dangers consumers are exposed to for whatever reason, it seems odd that Big Brother Watch is not more outspoken on the industrial subversion of privacy by software designers.

So here we get back to the beginning of this blog where I wrote “I designed a new way for a mobile business system.” As Microsoft has moved into a field of computers utilising an approach in the air of “With our computers you do not need to use the brain you never had in the first place“. An automated system that assumes all the time to cover 95% of its users, loaded with gaps and security flaws.

People need to get licensed to get a gun, drive a car, a boat or a plane. Yet, the dangers that computers expose us to are currently not dealt with in any serious way. I reckon that in the next two years identity theft and identity fraud will be regularly in the back of our minds, as it grows into the very visible danger it already is. If we look at some of the numbers then I could speculate that 90% of the people will directly know one victim of identity fraud or identity theft. Lexis Nexis, in their paper ‘2013 LexisNexis® True Cost of Fraud Study‘ state numbers that should scare us all. In 2013, 58% of the merchants were confronted with credit card fraud and 36% of the 2013 population was confronted with lost or stolen merchandise. These numbers by themselves are not that useful as such (at http://www.lexisnexis.com/risk/downloads/assets/true-cost-fraud-2013.pdf). Yet consider that 12.6 million U.S. adult victims of identity fraud had to deal on average with $1,653 of damage per fraud victim. The total amount becomes a staggering one and this is just the US! As technology is not properly attuned to a better level of security, but is set to please a growing marketable population, these dangers will only increase. This is the true danger ahead, not what the government can see. In that regard Foreign Secretary William Hague is quite correct when he states “law-abiding members of the public have nothing to fear“.

 


Filed under Gaming, IT, Politics, Science

Diary for a wimpy President

It’s Saturday and the news is hitting the Guardian. The news of NSA reforms to end government storage of call data. For those who are stupid enough to think that this is a good thing, I reckon they should think again. The article asks a few questions. Questions I had voiced for some time and the people behind the screens have been very careful to play a game where they are not just in the place to set conditions, they will determine what will be stored, where it will be stored and how it will be sold. It was the one fear that people needed to have. If you are over 40, it does not matter where on the planet you live. Ask yourself the one question. ‘What if the insurer knew your actual health status?’ How scared are you now? Be afraid! This was on the table for a long time.
Quite literally, the structural discontinue of choice.

So, how do I get from one piece of information to the other one?

Consider the article as it is today (at http://www.theguardian.com/world/2014/jan/17/obama-nsa-reforms-end-storage-americans-call-data)

The first point is “The government will no longer store the phone call information of millions of Americans. But he did not say who should maintain the information, instead giving the intelligence community 60 days to come up with options.”

The next one is “The US government had to be held to a ‘higher standard’ than private corporations that store user data or foreign governments that undertake their own surveillance.” This implies that the higher standard is a hindrance. This is the part that had to be shed. So, like the private contractors in the past as the intelligence industry ended up with invoices in excess of 175%, whilst employing the services of the same people (who all went into business for themselves). We now face a similar change. So, was Edward Snowden a traitor? If the view as I see it is correct, then this implies that he did exactly what was required of him. The question is, was this what the NSA had in mind from the very beginning?

This is where the third quote comes into play “‘What I did not do is stop these programs wholesale, not only because I felt that they made us more secure, but also because nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens,’ Obama said.”

Yes, he did not stop them wholesale, they are about to become corporate controlled and accessible for all who have the access ticket and the money to pay for the invoice.

There is another part to this. Did anyone consider how nervous certain people in Wall Street were; if their mobile information was known? What if certain links were proven? The accountability of certain people would mean that they could actually end up in jail. Yes, the Wimpy kid in the Oval Office is making certain that certain connections will never end up there (always blame the man at the very top).

Again another notch in the thought patterns and evidence that I call ‘the plan’ that was conceived some time ago. So, where is the evidence? If there is no sustainable thought, then this is just conjecture and conspiracy theory. There is already plenty of that on the internet. So, let me take you back and go over the points.

It started last year when I first wrote ‘The Hunchback of the NSA’ on June 11th. It shows the career of Edward Snowden as it has been told by several media outlets. The first part of the evidence was clear for all to see. He claims to be disillusioned with the CIA and joins the NSA. There he gets into the data program at some stage (and no one thought it was a good idea to keep their eyes on him).

On the 23rd of June I wrote ‘Who are the watchers?’ The one linked element here is the quote “Snowden told the Guardian, ‘They [GCHQ] are worse than the US’“. This is part of the issue. You see, whatever the USA decides, once the issues are truly revealed the cyber units of the allies will be the dangers. The ‘evidence’ seems to be all about how much worse others are. The parade that the Guardian starts pays off and soon thereafter Sir Iain Robert Lobban as well as his peers at five and six end up in a public interview seat. Considering the article he wrote ‘Countering the cyber threat to business‘ (at http://www.gchq.gov.uk/press_and_media/news_and_features/Documents/directors_IoD_article.pdf), might be seen as an actual indicator that he has been ahead of the pack by miles for some time, it could just be seen by itself as a good manifesto to start keeping yourself safe.

There is one quote at the centre of all this “GCHQ is aware of theft of IP on a massive scale. The volume of attacks on industry continues to be disturbing.” I will get back to this later on, what is important are the three points the director sets out and more important, how they could also be seen.

• Have you identified your organisation’s key information assets and the impact it would have on your organisation if they were compromised or your online services were disrupted?
[Alternative: what data is bankable?]

• Have you clearly identified the key threats to your organisation’s information assets and set an appetite for the associated risks?
[Alternative: what data is accessible?]

• Are you confident that your organisation’s most important information is being properly managed and is safe from cyber threats?
[Alternative: the value management of data you think you own]

The alternatives are not just views I opt for, consider that the data collection field goes into open commercial hands as it could be presented by March 31st, what are your options to purchase certain buckets of data (which will be shown down later on in this article)?

On the 1st of July I wrote ‘Classes of classification’.
The two issues here are “So if we consider the digital version, and consider that most intelligence organisations use Security Enhanced Unix servers, then just accessing these documents is pretty much a no-no. EVEN if he had access, there would be a log, and as such there is also a mention if that document was copied in any way. It is not impossible to get a hold of this, but with each document, his chance of getting caught grows quicker and quicker. He did not get caught.”
And
“It does not matter whether he is the IT guy. The NSA has dozens upon dozens of them, and as such, the fact that he was able to syphon off such a wide area of information (and get it out of the building) is more than just questionable.”

It comes back to getting data out of the NSA. The fact that this was done considering their security, can we even allow data in commercial hands, a place where it is all about saving cost? It is opening a field where data is no longer safe in any shape or form, more important, the multi-billion dollar of extra costs as they would be presented down the line will be far beyond our imagination.

Most of the issues as I set them out were also discussed on October 29th in ‘The Wrong questions’. There my train of thought was “What if Snowden is not the person he claims to be. I still think he is a joke at best, a patsy at worst. What if the leak is NOT a person?”

The issues at play, I got to this point before, but until now I did not consider that this all might have been about commercialisation of a multi-billion dollar industry. The reason is that it could cost America well over 20% more to get someone else to do it, so selling data would be an implied consequence to keep the cost down for the US treasury.

Now we get to the last part of the equation from my article on November 22nd called ‘Ignoring corporate dangers’.

There I reported “2009 National Intelligence A Consumer’s Guide”, where at page 52 it states “The Act specifies that OIA shall be responsible for the receipt, analysis, collation, and dissemination of foreign intelligence and foreign counterintelligence information related to the operation and responsibilities of the Department of the Treasury.”

The article shows more and it shows the direct link between the treasury and the need for a commercial future through data. I mentioned earlier about buying a bucket of data? Well, here you have it. The issue as it is shown with links in the articles to official government documents. They all have one thing in common, when it all changes into non-government hands, their mandates would not change. However, those who will be able to get access to the data, that list will change by a lot. They only need to pay the invoice, which might end up being like buying data files from a chamber of commerce or a statistical data bureau; it will however have a lot more data.

Here we get to the question I promised to answer earlier. The issue of IP theft on a massive scale! I am not stating that someone’s server is getting emptied from the outside, but consider knowing who is where and how their situation is. There is an interesting read at http://www.mcgrathnicol.com/news/Documents/011211_Inhouse Counsel_Unearthing the Electronic Evidence.pdf. It does not just show how relatively easy it often is to get IP valued information, the data collection once commercialised could give competitors information on the players who are at the centre of new intellectual property.

So, now we get to that question I asked in the beginning: ‘What if the insurer knew your actual health status?’ that is no longer a question. The information could be buried in the mega amounts of data that has been collected in so many ways. When the data is no longer in government hands, they could become available. So, when your premium goes up by +20%, be sure to thank those people claiming that the government could not be trusted; they opened the door ending many of our freedoms of choice.

 


Filed under Finance, IT, Law, Media, Politics

My £13,000,000 invoice!

I got a ‘nice’ wakeup call just now, as I was reading an article in the Guardian. It is at www.theguardian.com/uk-news/2014/jan/14/ministry-of-defence-failed-computer-system. The title “Ministry of Defence ‘wasted millions on failed computer system’” got my attention. The UK is riddled with IT people trying to get a decent job. This article implied with quotes like “The recruitment partnering project, a £1.3bn scheme intended to enable the army to recruit online, is almost two years behind schedule and will not be fully operational until April 2015 at the earliest, the Times said.”

Now, I understand that the MoD does things a little different and that this online approach takes a little time and money, but the fact that the cost of this system is more than the personnel costs of an entire regiment for 50 years (take into account that most IT solutions are usually set for a lifetime span of no more than 10 years) gives weight to the issue that it is time to go public. The additional quote “the problems are so serious that defence secretary Philip Hammond is considering spending nearly £50m on a new solution.” gives weight to my response “You pay me 10% of that and I will assist in getting the issue sorted”.

You see, any IT project is basically simple.

  1. What must be done and by what date?
  2. What must it cover?
  3. What are you willing to spend?
  4. Document the agreement and sign it by all parties!

The rest is usually political manoeuvring. (I apologise for oversimplifying the problem)

The fact that the article implied that the costs were a billion plus, gives the impression that the entire military network system got overhauled. This leaves us with the thought that there is a decent chance that Sir Iain Lobban of GCHQ is laughing himself to death reading about these events, so perhaps the loud honing laughter will move Defence to take a harsh look at themselves in the cold light of these events.

Do not get me wrong. I know that IT solutions tend to cost, and things get delayed, but this is about recruiting people, the price is implied to be set at thirteen hundred million pounds and it is already 2 years late. So, why was any amount paid in regards to a failed system? It is of course likely that those who delivered had a quality ironclad contract in place, yet the mentioned amount is extremely out of proportion compared to the non-working delivery.

The next quote is also one that opens debate “If the ICT hosting solution is not put in place then the MoD risks not gaining the appropriate number of recruits needed. Given recent criticism of army recruitment … and the use of reserves, this would lead to further negative media reporting and reputational damage for MoD.” So, the 2 year delay was not a clear indication of issues? I reckon that the spending of well over a billion on a non-working system is more than enough for laughter, ridicule and reputation damage for the MoD for a long time to come.

To put this all in perspective take a look at this quote from the Guardian made in August 2013 (at http://www.theguardian.com/world/interactive/2013/aug/01/gchq-spy-agency-nsa-edward-snowden). The quote is “GCHQ now has liaison officers working inside MI5, MI6 and the Soca, the serious and organised crime agency. It takes the lion’s share of the £1.9bn budget for Britain’s intelligence services” so basically, the MoD blew on a non-working recruitment option, the amount that GCHQ needs to keep it completely operational (for a year).

Seems a little out of whack, does it not?

Now for some other fun facts! Recruitment is all about creating interest. Now consider that the cost to make a multiplatform next-gen video game is £15-£25 million. So, the youthful player could get introduced to all kinds of positions, challenges, military functions and so on. The development is, when compared to what is wasted, less than 2% of those costs. More interesting, it could be sold at the newsagent for £5. The MoD could break even, or even make some money too (which would definitely be a nice change). It is a game and it might not have all of the information, but together with an information website loaded with PDFs, application information and a registration bank should never have exceeded £80 million, from what I envision at present (including the game development). Why was this solution not hosted via GCHQ? The people at the MoD might know of the place, it is in Cheltenham and it looks like a massive donut (Yummy!). It has better security and more options for facilitation than most secure banks can dream of (GCHQ is not to be confused with the NSA, where you can copy all data to a USB stick at your own convenience).

So, do I have a case here? Actually, it was not me, but The Times, who started it, and the Guardian for giving it the visibility that goes far beyond the UK borders.

I must try to be neutral in these matters and very likely the article is missing key elements considering the amount involved, but seeing how 1 in 7 in the UK lives below poverty on one side, whilst on the other side a billion plus is wasted to this degree is extremely upsetting. I have proudly worked in IT since 1981 and seeing events like these, just do not cut it with me and it should not cut it with you, the reader either.

There is however a little more. “This leaked report points to the latest series of catastrophic failures at the Ministry of Defence on David Cameron’s watch.” is a quote I have an issue with. The fact that it is 2 years late means that this was supposed to be finished late 2011. When was the project started? Who were the people starting this, who was involved? It is of course possible that this was all on the conservative watch, yet, that must still be verified. The mention in the article of “after failing in 2011 to challenge a MoD policy” on the article gives rise to the thought that this has for a large part been an internal MoD failing. In addition “The project management team was inexperienced and under-resourced and the army failed to take charge when delays started and put in a suitable contingency plan.” gives way to my four step issue. The first two steps, as I mentioned it, also cover resources, the fact that this was not met means that the failing was on more than one level. Who at the MoD was involved? Was this person aware of the required skillset?

All questions that should have risen with any senior decision maker before the project was accepted and the checklists should have tripped several ‘alarms’ as the project was going forward. The fact that the large amount had been ‘lost’ indicates that none of these issues were factually dealt with.

The article raises a few more questions, but the horror should be clear. It will keep on costing more for now and before Labour starts ‘calling’ for botched jobs, they should take a look at the issues we saw in 2010 (at http://www.independent.co.uk/news/uk/politics/labours-computer-blunders-cost-16326bn-1871967.html). From that part we get the clear idea that infrastructure and policies alone are not getting IT choices done. Knowledge is likely to fix that; you just need to make sure the right person is on the job.

With the amount that has been spent, I feel comfortable sending them my 13 million pound invoice.
(Payment within 30 days for this consult would be appreciated, as I have to pay my bar bill).


Filed under Finance, IT, Military, Politics

Is SIGINT a joke?

The news has been rampant on several levels these last few days. Whether it is revelation 16 (roughly) by the traitor Snowden, whether it is the historic event that the top three in British intelligence were in one line, as requested by British parliament, or the fact of revelations we read in the press, whilst (former) press members find themselves prosecuted for blatant and indiscriminate invasion of privacy. The list goes on and on and on.

There is a lot more, but let us confine ourselves to these three events.

For the Commonwealth the event in Parliament was likely the ‘important’ one. Was it truly about the events there? Some might want to question the questions, the answers and what follows. I, with my sense of perspective wondered about the choice of the green tie that Sir John Sawers was wearing. Does it matter? It is all as trivial as choosing pancakes for breakfast!

Yes, we all think we know it, we all think we have an inkling of an idea. I did have an idea, but that was almost 29 years ago. Now, I still have an idea from my specialised view of data, data technologies as well as data collection techniques and none of that falls with MI-6 (only a small part of it). The gem of the event was with Sir Iain Lobban, director of GCHQ, which gave us the part we need to care about. You see, as the press was so willing to give out the details as the people had a right to know, as we have allowed our wrists to get cut because the press is all about advertising profits, gang bang sensation and visibility, it was willing to sacrifice safety and progress for PR and visibility. To go deep and give both criminals and terrorists the information on how to avoid certain paths of detection we see the limits of their use. These same reporters that are part of a group listening in on voice mails to get the scoop, who will sanctimoniously proclaim freedom of the press, will not hesitate to sell their neighbour down the drain for the commission of another column of text, paid per letter.

From my point, if I had the option of making the killing shot ending Edward Snowden’s life I would, even if that gets me 20 years in prison, because traitors do not deserve consideration of any kind. The entire situation of laughable as an American ran to their Communist opponent and almost 50% of the American population considered it a good thing. In addition, if in light of the revealed information a child of Guardian editor in chief Alan Rusbridger would get molested, then he would blame the system on the front page of his newspaper immediately. I do not wish anything bad on him or his family ever! He is not likely to be worried as his four hundred thousand pound a year job allows for secure private schools, but what about the other children? Those children who are not that safe environment, possibly in danger to be at the mercy of predators, whom now with knowledge of longer avoidance and as such pose even more danger to innocent victims. What about them?

It is a level of what I see as utter short-sightedness. An assault on three groups that have lived in a world of ambiguity to get their work done, now that world is in turmoil, especially as some traitor comes with information that is for the most non confirmable, too much goes from the air of ‘Snowden told us, so it must be true’. Several questions are not dealt with on many levels, especially by the press. It just drains the gravy train as it sells more and more news (papers).

The second part is directly linked to all this. Two news messages:

1. Snowden persuaded other NSA workers to give up passwords (at http://mobile.reuters.com/article/idUSBRE9A703020131108)
2. Snowden has stolen 50,000 to 200,000 Classified Items from NSA.

The second had no verifiable source and as such there is no way to tell how correct that is, the first one is more of an issue. How stupid are Americans? That is of course if there is any truth in that part.

YOU NEVER GIVE OUT THAT INFO!

You can leave your partner/spouse/lover at some university frat party to have all the sex he/she needs, you give your credit card to your kids to buy all the toys they want, giving out login information is beyond utterly stupid. Snowden would not have needed it. As an IT person he either has rights to make changes, or he does not. If he did not, then giving out login info is the worst anyone could do. If this ever went to court then he could blame the original account holder. It is a level of non-repudiation!

So were the people at the NSA born stupid and stopped evolving after birth? That remains to be seen! The point is that the press is not that trustworthy either! The second part in regards to the classified items was from a non-disclosed, but also non verifiable source. There is no way for me to know. The question from this part is the one you do not see discussed openly on the news. How did all this info leave the building? Who was in charge? Issues that are also in play for Sir Iain Lobban! How vulnerable is GCHQ? What is in play to prevent this to happen in the UK? Even though Booz Allen Hamilton was cleared as they are the official boss of Edward Snowden, yet how was the clearing process? What are the checks in place for civilian contractors? The Washington Post published a large article questioning civilian contractor issues, from this part we wonder if it was deep enough. Even more, why were these issues not looked at more than a YEAR before the Snowden issues started?

If it was up to me (Sir Iain Lobban is likely secure in the knowledge that this is the last option that should ever happen), then I would like to make a small change at GCHQ. I would add a new inner circle, consisting of a Law Lord and two members from both MI-5 and MI-6 to watch the watchers. My only worry is that whoever oversees GCHQ internally is part of the ‘problem’ (no illegal or negative inclination implied). It does not harm for a set of cleared fresh eyes to look at the system to see if there is a danger. Something similar would need to happen at the NSA, but with their systems and such it might be a different source of people (like members of cyber command FBI and cyber command military).

There is too much info out there supporting the idea that US intelligence (and other governmental departments) seems to be oblivious to the need for Common Cyber Sense (at present with the amount of published info, it is unlikely that my thought on this is wrong).

Here is the third part, the PRESS part!

Their phone hacking was all about exploitation, revenue, profit and personal gain. The Intelligence community is about keeping people safe. There is a massive difference. If you wonder about these events, then consider the fact that because of greed and revenue, no steps have been taken on a global scale to see who buys your personal details and who has them. It could influence your insurance premium, your credit rating and your financial options. No one seems to be on par to get that properly regulated, because in America, Cash is king and the president to the United States is simply a number with a possible temporary status elevation, the rest is data cattle, sold at a moment’s notice. This risk is very real in the UK and Europe too. A consumer is nothing more than a customer number with an address and with a possible shipment of goods under way, that is their value and only for as long as they need products. To some extent the Washington Post covered this a week ago at http://www.washingtonpost.com/opinions/michael-chertoff-what-the-nsa-and-social-media-have-in-common/2013/10/31/b286260e-4167-11e3-8b74-d89d714ca4dd_story.html

What is less known is that they are one of the few who took a decent look at it (the Washington Post), the rest remains on the Snowden gravy train, not informing anyone, they simply re-quote a Reuters line. Seems a little wrong doesn’t it? The article by Michael Chertoff sees the gem no one properly questions half way through where he wrote “there is no assurance that what is disseminated has context or news value”.

The true part, the real smart and the questionable art! The intelligence world is ALL about disseminating information and giving proper weight to the information acquired. It is about finding the bad guys, without that weight it is all media gossip used by the press and as we saw, the disciples of Rupert Murdoch have truly dented that group’s reliability, perhaps for a long time.

So is today’s SIGINT a joke? I hope not, because if so, the questions had been phrased at the wrong people. At some point parliament gets to answer the questions asked by the innocent and the victims on how parliament asked all about data and left corporations to do whatever they liked with our personal details. How many UK companies have had a backup data server in the US?

Consider this quote by Salesquest “The Siebel Customer Intelligence List consists of 265 Fortune 1000 or Global 500 companies that have deployed Siebel in their enterprise application environment. The first tab in the spread sheet lists the 265 Siebel customers, industries, corporate headquarter addresses, phone numbers, and web site addresses.” (At http://www.salesquest.com/resources/siebel-customer-list/)

How many of those are backing up their data to some server park in San Antonio? Consider those places, all their customer data, their financial data and forecast information. In some cases, the data will come from over a dozen nations. It is nice to ask where their data is, but what about the data dumps, the logs and the backups, where were they kept?

Let the intelligence community do what it needs to do, if not, then neither we nor the press gets to point fingers at them when things truly go very wrong.

Filed under IT, Media, Military, Politics

In Media, we distrust!

Is it not a lovely day when you wake up, you go downstairs and if it is warm enough, likely in nothing more than a simple bathrobe you sit down. At this point, whether it is inside, or outside, you get the first start of the day with coffee and the newspaper. For most people, that part had been for a long time a slice of heaven.

We would go through the news whilst sipping tea or coffee (in my case the latter). What if I told you that these times are now forever a thing of the past?

My reasoning? For this I will go over each case in three parts. First the point I make, then the reasoning for that point and lastly the motive I personally think is behind that. I would like to add sources, but at times there are little to none and it is all based on common sense.

First there is no need to rehash the entire Leveson history. That report was made and filed and suddenly the press was all uppity uppity on ‘the freedom of speech’ and how their rights are now no more.

Let us take a look at this part.

1. How often does the press report on privacy violations by large companies like Microsoft?

Answer: almost never. I found one article by the Guardian, and a few by what we would normally call less reliable sources. (at http://www.theguardian.com/world/2013/sep/30/microsoft-privacy-chief-nsa)

Motive: The publications rely on big business (advertisements). It relies less on governments as their form of income and in addition, government is always seeking visibility, big business brings in money. In this situation I personally think that the press seems to be willing to ‘ignore‘ or whisper very softly certain events.

How about Microsoft HealthVault?

They state: “Privacy, It’s your HealthVault account. You decide who can see, use, add, and share info, and which health apps have access to it. HealthVault won’t provide your health information to any other app or service without your permission.”

Venturebeat had the following interesting quotes “For instance, Microsoft reserves the right to store your medical data offshore, in countries that may not have the same privacy protections as the U.S.

HealthVault appears to open the door to a potentially unlimited line of people, entities or programs that can obtain permission to read and alter your health information, since it’s possible to delegate the ability to grant those permissions to others.” I did find a few mentions by CBS and ZDNET, yet the papers (the big ones) did not show up in any search. Even though this issue is not that recent, it is still interesting that the big ones aren’t anywhere near this place.

If we consider that this means that if an insurer gets access to this, then the smallest visit to the hospital could result in an increase to your premium. This is all linked to the Health Insurance Portability and Accountability Act 1996. There we find that the HIPAA Privacy Rule regulates the disclosure of Protected Health Information held by what we would call “covered entities” (employer sponsored health plans, health insurers, and medical service providers that engage in certain health transactions.) By regulation, the Department of Health and Human Services extended the HIPAA privacy rule to independent contractors of covered entities who fit within the definition of “business partners”.

So, if these contractors are outside of the national borders, your health data goes into several other directions too.

Consider that we volunteer this and other personal data to Microsoft (your Skype, your software, your Microsoft devices and your browser). How long until you represent a Z-Value? Not before too long, you are diminished to several Z-Values, and as your value depletes to below the norm, what options will remain for you?

Yet, the press seems to banter again and again on NSA and GCHQ. The question becomes, whether the press is nothing more than a simple tool to make us look the wrong way, whilst big business has a free go at us and our personal details.

I do not claim to know what the actual truth is here, but I do know that the press has not been focusing on the wider truth and reality too much lately. That is something that becomes slightly more visible when we read Claire Fox in her smug article (at http://www.independent.co.uk/voices/comment/leveson-has-done-his-damnedest-to-encourage-press-regulation-despite-his-protestations-8874676.html)

When you hear the actual response by his Lordship in regards to WHY he felt it was inappropriate to answer, Claire just trivialises it in the air of “that he would not play ball“. Let us not forget that it is her right to see things in the way she did, I will not attack that, but this situation left me with question marks on how far ‘misrepresentation‘ goes at present.

So if big business is protected through non-visibility, then why don’t we just get rid of all journalists and rely on bloggers? The digital world is ready for it all, journalists no longer seem to be truly ‘story‘ driven, when the bulk hang on the usual GCHQ drab anyone can get from Reuters and the bulk of the big business transgressions remain on blogs, I wonder where the journalistic pride and ethics remained as they claim their part in their need for ‘freedom‘.

2. How will many protect their children and finances if visibility remains low on issues that have an impact? Many PC’s and tablets get linked to games that are ‘proclaimed’ to be free. Yet, when you want to move forward, you can pay for additional options.

The BBC covered this on September 25th (at http://www.bbc.co.uk/news/technology-24272010). The Guardian seemed to have covered the same story and that is pretty much it. So why is there not a lot more visibility?

I had a look at a program called ‘Dragon Story‘. It looks nice, it is a little non-adult, but it has a few original sides. You can breed two dragons together and they leave an egg. You can hatch that egg and get a new different dragon. You can buy many of them, or, if you take the time, breed your collection. This is all pretty original. The dragons in their habitats collect money and that money can be used to grow your area. Yet, the part not shown is that some dragons are rare, some habitats (larger ones) are expensive. Smaller habitats can be bought with coins, but the larger ones must be bought with gold. That costs actual money. A child can, without realising it, spend $20 per habitat; some dragons, the really rare ones, cost $50. So in 30 seconds a child can spend more money than a full version of Grand Theft Auto costs. It is clear that actions can be taken to prevent some damage, but the visibility is not there. Why?

In reflection upon ‘Dragon Story’, an addictive game named ‘Blockheads’ (a 2-d version of Minecraft) can also be downloaded for free, and you can buy an upgrade so that all actions go twice as fast. The price, $5! Now an additional option can be bought for $3, so that the player can play in higher resolution, a total of $8 for something that need not be bought, the choice is up to the player. THAT is what I call an excellent approach!

So where is the press here?

It cannot be for the lack of ‘public’ interest, as the tablet market in the UK alone is soaring towards 190 million owners this year. That is more than the total global owner base of the PlayStation 2 used to be (which was 150 million). So, one could say that tablet issues should be at the top of every newspaper. The Google search seemed to contradict this (I had to start somewhere).

So when we look at these heated arguments on the freedom of the press, we should be asking ourselves what they are complaining about. Freedom is nice, but when they relate it to the limits of their cubicle we get to miss a lot of information, the press and especially their editors should realise that.

In my view, to the extent I had read the Leveson report, I saw it not as an attack on the freedom of the press, but on the ‘enforcement’ of ethics and accountability. Those two are elements in any form of Journalism. For I am never against the freedom of the press, I do think that some acts require accountability. The hollow phrase ‘the people have a right to know’ lost its value when some used it to tabloid away all levels of privacy. Crashing a funeral less than two weeks ago by the Daily Mail is an excellent example of that. I do wonder whether all this is just about the journalists, or was the Leveson escalation due to a failing by the editors to keep a proper pulse of the journos they are supposed to mentor. To that I have no honest answer; there are too many murky facts in the open.

The PRESS fallout has been a long one and we are not there yet!

Filed under Finance, Gaming, IT, Media

I miss the cold war

It is a line from a movie, yet at times that is how I feel. Most of the elderly who served will likely feel the same. We had a common goal and a common enemy. We ‘feared’ the values that would be given to us by the Iron curtain. Then something happened, they seemingly went bankrupt. Not unlike India, Russia now has the fastest growing numbers of billionaires on the planet. Yet, the numbers do not add up. This relates to what happens today in Syria. No matter how the events in Syria began and I will admit, I know not when that premise there changed, but it had. The roughest of estimations would be that somewhere in September 2012 the game changed. I believe that it was before the UNHRC statements of September 28th (now exactly a year ago). Those against were China, Cuba and Russia. China seems to have been ‘sincere’ in their deliberations and Cuba did what Russia asked. Russia changed the game. In their minds this would be the beginning of a new cold war. There is one massive difference. This time we would likely lose!

The factors involved are nothing less than an incompetent American administration. As the banking issues had hit them, their inability to solve or reacquire anything, with in addition two very expansive and expensive wars in Afghanistan and Iraq had depleted the American coffers to less than nothing. When two parties are not in agreement, then the winner hits when the other party is down for the count, words spoken before by several parties and ignored or silenced by greed driven parties. Edward Snowden was not part of this in any way. I think this is the one lucky break both Russia and China never expected to see. You see, there are ripples connected to that. If the NSA has breaches to this extent, there would be a chance or even nothing less than likely that GCHQ (UK) might have similar flaws. Unlike their building, the donut, which has a hole in the middle, they will have a hole somewhere. If it does exist, then it is in the technology and not likely in the people they have. I reckon that I count myself to that cause where we protect and preserve the monarchy, even if I am just an Australian. The fact is that if technology was unable to stop Snowden, then it is not unrealistic that GCHQ has similar flaws, especially as GCHQ is given a mere fraction of resources the NSA gets on an annual base.

There is supporting evidence to these thoughts. The ALLEGED hacking of the UN building might count. If the alphabet groups were aware that there are issues with any upcoming cold war, then knowing as much as possible is essential. This could have driven the events if the hacking of the UN was a fact. Why the video conferencing? It was not about getting the voice feed, which is not too hard; it is however to find and identify people through the video link(s). If there is a new cold war brewing, knowing where certain people are is an actual must. If we can believe ‘Der Spiegel’ then staff members from the NSA had been tracking their wives. Leave it to some idiotic American to use these resources to keep an eye on his wife instead of giving her the orgasms she was entitled to (at http://www.theguardian.com/world/2013/jun/30/nsa-spying-europe-claims-us-eu-trade)

Yet back to the Syrian chess pieces. Assad, or as he should be known now as ‘Pinocchio 2’ has been doing the things that Russia wanted them to do. Slowly moving him and whatever reasoning he has (whether valid or not), to instil the safety and security of his current position. Yet that part is actually slowly but surely being forfeit. Russia needs the UK, France and US to intervene. Consider that this intervention will drain troops and costs in excess of 200 billion Euros. After that Pinocchio’s strings can be cut, his role will have been played out. This will not be a quick step and a likely aftermath of no less than 2 additional years. That is all they need to stop economic restoration. It is all they need to ensure an upcoming advantage.

Russia has been handed a massive advantage by several parties involved.

Are we considering suspending humanitarian laws in the UK? In the UK it is Home secretary Theresa May who stated “Britain should consider leaving the European Convention on Human Rights because it interferes with the government’s ability to fight crime and control immigration, Home Secretary Theresa May said on Saturday (9 March)”. Leaving the European Convention on Human Rights does not mean that the UK is abolishing Human rights all together, yet, taking into account the dwindling support for legal aid is a clear second part of this. For Russia it will be the flag they raise to state that Western values are flawed, to be suspended when times get hard. They would be correct. Instead of stopping greed driving consumption and acquisition we enabled it for too long.

Back to Syria!

At present the game has changed. We see carefully phrased denials, the game to postpone. In addition we saw an interview with an Assad loyalist, claiming he was a victim of a chemical attack by the Syrian opposition. Did anyone notice that the videos from the Syrian opposition were people hardly able to speak and hardly able to breathe? The Syrian soldier was in a hospital looking no worse than someone going there for a broken toe. Interesting that this was not that illuminated by the journalist. The fact that one soldier seemed to be in the crossfire whilst dozens of dead civilians, children and Syrian opposing troops on the other side. Let’s call a spade a spade shall we?

The conference by Walid al-Muallim did not help the Syrian cause either. They went one step further by now implying that Israel is now a likely strike point. Now let’s disseminate their ‘statements’. From Fox news we see the statement by Mohammed Javad Zarif: “We are in close contact with the Syrian government and they have reassured us that they had never used such inhumane weapons and would have the fullest cooperation with the U.N. experts to visit the areas affected.” (At http://www.foxnews.com/politics/2013/08/25/us-naval-forces-move-closer-to-syria-hagel-suggests)

Really? Then why were these investigators stopped for a week? Their promises are hollow for the simple reason that whatever attack the opposition made would be a danger to any chance the opposition has, whatever attack Syria made on these investigators would condemn them. Not reporting anything is in Syria’s interest. The simple truth at present is that both Israel and Jordan prefer to stay out of the way as much as possible. Israel needs to wait whether Hamas or Hezbollah will start attacking Israel first. If Israel is part of the attack to Syria, then both Hamas and Hezbollah will launch strikes on Israel, this is why Walid al-Muallim adds Israel to the mix. In addition, Russia’s next puppet is about to enter the field. In an age where we thought that the tension between Iran and the west would lighten up, the Iranian news reported the following: “The Iranian ambassador to Russia says the Islamic Republic can play a ‘constructive role’ in the Geneva 2 conference which is expected to be held on the Syrian crisis.” Of course Russia’s motive is simple, whatever happens they win. If Iran fails, then the tension on Iran versus West lights up again, if they win America looks weak and in addition Russia makes another billion for loads of concrete for a ‘power plant’ (and then some more including a dozen 7 figure bonuses). In addition, these talks will show initial failings and weaknesses for the Americans as the west will not interfere with Syria and the ‘red line’ Syria crossed.

These are the facts behind certain strategies and in addition most of them are public. The parts that are not that visible were those that were brought to light by Wikileaks. We could argue that those illustrated involving Brown Lloyd James were to be investigated, yet, is that an actual truth? If we consider their mission statement which is “BLJ crafts high-impact communication strategies that move diplomacy forward.” then it might not be the pure smell of Lavender, yet, we should not forget that Assad is still the sovereign ruler of Syria, if BLJ keeps diplomatic channels open, then that is not a bad thing.

How are these events linked?

That is part of the issue. Even though the UK wants and could enter the field to intercept Syrian chemical war abilities, PM David Cameron will go via Parliament (even though not officially needed). When the vote is up, consider who will oppose this and how many of them have had dealings with BLJ. It might make for an interesting picture. The other part where BLJ becomes visible through one of its executives (Mike Holtzman) was an article that goes back to 2003. In that part it was the quote “A solid majority of Americans-over fifty percent-believe the U.S. should lift restrictions on Americans’ freedom to travel to Cuba, allow U.S.-produced food and medical products to be sold to Cuba unimpeded and take steps toward normalization with Cuba as a matter of America’s national interest.” At present the Cuban travel embargo still exists. There are more connections that Mike Holtzman had, and many of them in his work serving both Syria and Cuba, so where does he truly stand? Let me be clear! This man broke no laws, is doing his work and chose his customers as he is allowed to choose them (even though many would call the choice questionable). Yet, in the light of Russia-Cuba and the issues at play we must wonder whether a second cold war has started, or is about to start. That evidence can be seen in several places, many of them public newspapers. The issues that the US has in regards Edward Snowden as well as the issues many nations have with Russia’s anti-Gay approach do not help to diminish tensions (it’s not like the Russians actually cared about them tensions).

They (the Russians) do play this type of chess game well. As they stated “In connection with this, the Russian side calls for [Washington to] refrain from the threat of force on Damascus, to not fall for provocations and to try to help create normal conditions to give the UN chemical experts’ mission, which is already in the country, the possibility of conducting a thorough, objective and impartial investigation” the foreign ministry statement said (as published by the Guardian), we see that the delays from snipers and administration, the only outcome is that the UN inspectors will now be unlikely to uncover evidence to point to a clear transgressor. No matter who wins that part, no action will only show weakness on the American shores, which serves Moscow, Havana and Beijing just fine.

So is there an actual second cold war? I honestly do not know, but plenty of events are there to turn my ‘Do not know‘ into a very strong ‘likely‘.

Filed under Uncategorized