Tag Archives: Hong Kong

When movies fall short

There is nothing as intensely satisfying as when we are confronted with a reality that is a lot more entertaining than a movie would be. Those are moments you live for, that is unless you are a part of Sony and it is your system getting hacked. Life tends to suck just a little at that point.

This is not the latest story to look at, but in light of the elements that have been visibly resolved, it is the best one around. Some will state that the Hostage story in Martin’s Place, Sydney is the big issue, but that is an event that is getting milked for every second possible by the media, I checked! The price of chocolate remains unaffected, so let’s move on to Sony!

The first part is seen in the article ‘Sony hack would have challenged government defences – FBI’ (at http://www.theguardian.com/technology/2014/dec/12/sony-hack-government-defences-fbi), those who think it is new news seem to have forgotten the issues people had in May 2011 (at http://uk.playstation.com/psn/news/articles/detail/item369506/PSN-Qriocity-Service-Update/). “As the result of a criminal cyber-attack on the company’s data centre located in San Diego, California, USA, SNEI shut down the PlayStation Network and Qriocity services on 20 April 2011, in order for the company to undergo an investigation and make enhancements to the overall security of the network infrastructure”. 77 million accounts were compromised and the perpetrators got away with a truckload of data.

So when we see the quote “The cyber-attack that crippled Sony Pictures, led to theft of confidential data and leak of movies on the internet would have challenged almost any cyber security measures, the US Federal Bureau of Investigation (FBI) has said”, we should consider the expression once bitten twice shy and not, when bitten use antiseptic, go into denial and let it be done to your network again.

The fact that this revolves around another branch of Sony is just ludicrous, it’s like listening to a prostitute stating that the sick man used the other entrance this time, so we need not worry! If you think that this is an over the top graphical expression, consider that twice in a row the personal details of millions, in the form of data, ‘leaked’ to somewhere.

The second quote will not make you feel any safer: “‘In speaking with Sony and separately, the Mandiant security provider, the malware that was used would have slipped or probably got past 90% of internet defences that are out there today in private industry and [would have] challenged even state government,’ Joseph Demarest, assistant director of the FBI’s cyber division told a US Senate hearing”, as we know that governments tend to be sloppy with their technology as they do not have the budgets the bulk of commercial enterprises get, we can look at the quote and regard the statement to be a less serious expression of ‘do we care’, which is nothing compared to the ignored need to keep personal data safe.

You see, commercial enterprises have gotten sloppy, getting new graduates to look into a system where you need seasoned veterans and you need a knowledge base and a good setup, all factors that seem to be in ‘denial’ with a truckload of companies the size of Sony, as they are all cutting corners so that they can project revenue and contributions in line with the ‘market expectations’.

The quote that becomes interesting is “A link between Gop and North Korea has been muted over Pyongyang’s reaction to the Sony Pictures film The Interview, which depicts an assassination attempt on Kim Jong-un”, so is this group calling itself Guardians of Peace (Gop), the ‘simpleton’ group they are trivialised to be, or is there more? You see, we see a growing abundance of data collections that seem to go nowhere, but is this truly the case? You see, data is money, it is a currency that can be re-used several times, the question becomes, finding someone willing to buy it. If we regard the 2 billion Microsoft paid for Minecraft to be more than just the IP of the sandbox game, then what is it? Which part of that 2 billion is seen as value for the 120 million registered users on PC? Do you now see the currency we are confronted with?

In my book the Sony exercise is a display of the expression ‘a fool and his money are soon parted’. In light of the 2011 issue, the fact that security was increased to the extent that it could be done again makes for entertainment on a new level, in addition, like a bad infomercial it does not stop here, no! For $9.95 you get so much more than you see now. That we see in the article that was published two days before that (at http://www.theguardian.com/technology/2014/dec/10/fbi-doubts-north-korea-link-sony-pictures-hack). The part that should make you howl like a hyena is seen here “The security firm hired by Sony to investigate the attack, FireEye, described the attack as an ‘unparalleled and well-planned crime, carried out by an organised group, for which neither SPE nor other companies could have been fully prepared’ in a leaked report”, so did you notice ‘unparalleled and well-planned crime’ and ‘leaked report’, oh sarcasm, thy name be Miss Snigger Cackle!

The leaked report, which was from the 7th of December (at http://recode.net/2014/12/07/sony-describes-hack-attack-as-unprecedented/) gives us “demanding that organizations which have obtained the leaked information avoid publishing any more material from the hackers, and destroy existing copies. Boies called it ‘stolen information.’”, you see, the issue here is that if we consider the quote “This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat”, so even after the malware, info was still going past the firewall, or was this just ‘leaked’ by an internal source? It takes a little twist when we look at the quote in the December 10th article “The malware had been signed and authorised by Sony Pictures, allowing it to bypass certain security checks”, in my mind this reads as follows: ‘Some idiot gave a pass to malware to roam free on the system’, so is it that, or was this an internal operation all along? If the second part is true, then who was the beneficiary of all that private data? Who is it meant for? You see, many forget that our information is not always for stealing from our credit cards, sometimes it is used to profile us, as a customer, as marketing or as leverage. Why the word leverage? Consider healthcare, consider usage, what happens when an insurance company gets to profile 20 million couch potatoes, what if your healthcare premium suddenly goes up by 15%, do you have any idea how much money that is? So as insurance companies keep the leveraged margins of charge, whilst overcharging risks in addition, we see a growing margin of profit for these insurance companies, whilst getting them to pay for what you are insured for has not gotten any easier, has it?

So is this simply a cinematography from Sony Pictures film, called The Interview, which depicts an assassination attempt on Kim Jong-un, or was that the smoke screen? The FBI seems to have ruled out North Korea, as far as I have been able to tell, the only fans of North Korea are the North Koreans and Dennis Rodman (who has no fame in any IT endeavour), so is there enough doubt regarding the reality of what happened and why it happened? Yes, as I see it there is, the question becomes, when there is this much smoke, where are we not looking? That part is to some extent seen in another Guardian article (at http://www.theguardian.com/film/2014/dec/12/hackers-attack-film-studios-sony-pictures-leak-cybersecurity-warning). We see this quote “Sean Sullivan, senior adviser and researcher at the security company F-Secure, said that he believes the purpose of the Sony hack was extortion. ‘If it was just hacktivists, they’d have released everything all at once,’ he said. ‘But these releases, it’s like they’re shooting hostages. One thing one day, another the next. This is a really different tactic from what we usually see.’”, this is certainly plausible, but is that it? Why ransom the data and sell it back with the FBI and others on your tail, when you can sell it in Hong Kong, Bangkok, Riyadh and a host of other locations. A simple transaction for an external encrypted drive, a deal you can offer to ALL parties for amount X, the more you offer, the higher X is.

Whilst our data is sold on and on, we run additional risks of getting invoiced for our life choices and extorted by other financial firms because our privacy is no longer a given in the age of data and it is directly linked to corporations that cannot clean up their act. In the meantime we see leaked reports on impossible hack successes, whilst it took only one executive to ‘accidentally’ sign and authorise a mere trinket of malware.

So yes, the movies are falling short; reality can be scary and entertaining all at the same time. The question becomes, will there be a change to our invoice of life because of corporate considerations, or lack thereof?

 


Filed under Finance, IT, Law, Media, Science

The Hunchback of the NSA

We have been hearing information in this regard for some time now. I added my thoughts in my last blog, and as this is such a growing story, let me see if I can add some details to this by looking at a few issues from another side. (Source: www.NOS.nl , www.Guardian.co.uk , et al).

Edward Snowden: his view is that it is up to the people to decide what is to be done. Is it?

2003: Edward joins the Army to deploy to Iraq. He suffers injuries during (basic) training and cannot continue the training.

200?: Edward has been selected into the sanctum and becomes an IT specialist with the CIA, placed in Geneva. Well, that is a nice handle up from basic training, isn’t it? Some people dream of opportunities like that all their life.

He gets a dose of disillusionment. (Not my words, just quoting here). The CIA methodology does not sit well with him. As a data analyst with a few decades of experience, including some not to mention data depositories, I can tell him now, that there is method to their madness. I know where he is at this point, because when it is all about data cleaning, integrity checks and verification, whatever you do feels like carrying a bucket of water towards the ocean, but hey, that is what it is. He then decides to quit. That is fair enough! Not all are meant for that lifestyle (including unappreciative bosses that we see by the container load in the commercial world), and as such we should recognise that some of these jobs have a decidedly larger chance of burning out.

2009: He joins the NSA. Really? After he left the CIA? That is an interesting step. Especially knowing that one worries you, the other would not?

Well Edward, this is what you signed up for! But fair enough, you wanted to give it a go. He then becomes NSA’s own Arnold Benedict. Oh joy! (I say in a slightly sarcastic voice) and he ends up feeding the information to the PRESS. I will add that this is slightly better than dumping all this on WikiLeaks. I will also applaud him for going to the Guardian as I personally see these people as slightly more devoted to ethics than anything Rupert Murdoch has at present in my humble opinion. Still, Arnold, oops, I meant Edward goes out into the limelight. Consider that his job was to make sure that the American people remained safe. Did he? Many people including terrorists knew this was likely to happen. Now they have confirmation and they might employ new methods, making it harder for the NSA to find them. So who did Edward Snowden actually service? From my point of view it was not the American people. Oh, and Hong Kong of all places? It seems to me that he preferred to be bankable to several potential donors. (But that is just my view).

The NSA has an uncomfortable job that must be done. The terrorist (or perhaps better stated the extremist) threat is real, and as such organisations like NSA, GCHQ and DSD need to look at information as it flows to keep their citizens safe. There is an ugly looking sterile approach to information. It has no emotion; it is a simple collection of data. Yes, if anyone gets the wrong phone call we could be checked. Yet, the data is up to a point so complete that these organisations can easily see whether this is a fluke, or if there is more. Is that not the best solution? Most people have this illusion that we have some kind of privacy. The reality is that our information had been collected and data mined by large corporations well over a decade before governments started to collect data.

Do you think that I am kidding?

Take a day in your life. You fill up the tank at a gas station. You use your tank pass to get the 3% extra discount. You pay with either ‘their’ card, or your card. Nowadays it is rare that people pay cash. You go to work. Lunch means that you get lunch at some place. You get a snack and you get 1-2 extra items. Anything at these points that has a pass or card is, in 70% of the cases, collected data. Now you go home, get dinner, use your customer loyalty card and you go home. Whenever you did not use cash (and in some cases even if you did) your details were recorded. EVERY day of your life! Whenever you use your mobile, your mobile carrier knows roughly where you are (with some smart-phones they know exactly where you are). All that data has been collected in one way or another.

Yes, even beyond what Orwell contemplated, you are a data collection point, you are marketable!

This is the ugly reality that has been happening since even before 2001. The big problem for you is that many of these companies need to survive, they need revenue to survive, and you are for sale. Whatever you did is for sale. No matter the amount of cleaning you think they do. It takes but one linkable fact to your raw data details to know exactly who you are, where you are and where you are likely to go. People like the NSA only want to know whether you are a danger to the nation and the people around you. Are you? The others want to make money off you. Only you know how ‘dangerous’ you are, the others want you to spend cash where they like it. It is a never-ending story of greed. So who do you really need to worry about?

So when we see the news on how politicians are all about worries, all about what was done, then ask yourself, what questions have they been asking, investigating and contemplating when it came to the data handed by all to commercial facilities.

Getting back to Edward, whatever his views are. If he was TRULY for the people, and TRULY doing something to make the world better, then he would have done something about the real issues and all those e-mails from bankers and so on. That did not happen, did it? Didn’t Julian Assange ‘vanish’ to Ecuador before he could make good on that promise? So when people are driven by who holds the usage of their credit card, what do we call them then? As for bankable matters, seems that his move to Hong Kong could be all about bankability, but who is banking who?


Filed under IT, Media, Military, Politics