Tag Archives: ICIT

The Red Flags

Today is a day where we are overloaded with actions on parties, yet there is little evidence shown, actual evidence that gives light to the danger. So first we see Russia, the old red with hammer and sickle. First we see ‘Expulsions of Russians are pushback against Putin’s hybrid warfare‘ (at https://www.theguardian.com/world/2018/mar/26/expulsions-of-russians-are-pushback-against-putins-hybrid-warfare), as well as ‘More than 130 people could have been exposed to novichok, PM says‘ (at https://www.theguardian.com/uk-news/2018/mar/26/130-people-feared-exposed-to-novichok-in-spy-attack-says-pm). These two matters are shown to us giving two lights. The first is “The expulsions of Russian diplomats on Monday reflect how widely Vladimir Putin has attempted to wage his brand of hybrid warfare and how many leaders and their intelligence agencies he has angered in the process. Even before the Salisbury poisoning, many governments had lost patience with Vladimir Putin’s grey war for domestic reasons of their own. Their response is not just an act of solidarity with the UK but a collective pushback“, I am not denying any of this. There are indicators that Putin has been waging ‘war’ for some time. There is also the larger indication that he is moving on several fronts and he is gaining field in economic options in the Middle East, whilst America has lost footing. The US needs to appease Saudi Arabia to the maximum degree to avoid the dangers of losing even more footing in the Middle East.

It is with “In Lithuania, the government found Russian spyware on its computers. As far back as 2007, Estonia suffered a three-week wave of cyber-attacks” we do get a first issue, as well as with “US and EU expel scores of Russian diplomats over Skripal attack“. You see when governments start to react with “in a show of solidarity” you should all be aware that there is a lot more going on. This is not some form of ‘conspiracy theory’, this is merely facts that you can check. How much solidarity was shown when we all got screwed over by the meltdowns of 2004 and 2008? The economic impact was shown in several countries. Of course not as massive outside of the US, but we all felt the pinch, millions of us. So how much solidarity was shown AGAINST Wall Street? Please show me the evidence, because for the most, these people might have lost their jobs, but left so wealthy that these men could go into brothels for the rest of their lives, shopping for virgins. So when it comes to solidarity, I have merely seen that as a government sham over the last 10 years. In addition, even if we acknowledge that the Novichok is of Russian making, there is evidence that it was not uniquely in Russian hands. In addition, there are clear questions regarding Vil Mirzayanov as well as some of his statements as I showed in the earlier presented blog ‘Something for the Silver Screen?‘ (at https://lawlordtobe.com/2018/03/17/something-for-the-silver-screen/) where I gave the readers “Regarding new toxic chemicals not listed in the Annex on Chemicals but which may nevertheless pose a risk to the Convention, the SAB makes reference to “Novichoks”. The name “Novichok” is used in a publication of a former Soviet scientist who reported investigating a new class of nerve agents suitable for use as binary chemical weapons. The SAB states that it has insufficient information to comment on the existence or properties of “Novichoks””.
Now we need to consider that both the OPCW and the SAB are incompetent beyond belief, or that we are now getting a collection of Fish Stories. They presented the statements in 2013. Now TASS (I know, not the greatest source of non-biased journalism) gives us “As far back as 1998, we looked through a regular edition of the spectral database released by the US National Bureau of Standards, which has spectral data on about 300,000 compounds and is regularly updated, to find an agent that caught our attention as it was an organophosphorate chemical. We understood that it must have a lethal effect. Now it has turned out that, judging by the name of that agent, it was Novichok A234. It has surfaced,” Igor Rybalchenko, chief of the ministry’s chemical laboratory, said in an interview with the Voskresny Vecher news roundup on the Rossiya-1 television channel“. You see, this is something that could have been checked. Is TASS lying? If not, then we get the addition of what some might regard as ‘fuck ups‘ by both MI5 and GCHQ. In that regard, the less stated involving MI6 at present the better. Now, that part could be easily verified, yet the US and the UK have not given any clear evidence, whilst several sources have clearly shown that Novichoks were out there. If any of the sources, that I mentioned on Novichoks (like Leonard Rink), are shown to be true then there is a larger issue in play. The issue is that some governments are in denial over the evidence and facts and that is a bad thing. Let’s be clear, that does not absolve the USSR (I love the old names) on many of their actions, it merely shows that painting everything with a single brush shows other levels of incompetence on several fields. Even if that was the Intelligence branch intervening for whatever reason, they went about it really badly and the wrong people end up getting scorched. It is the Guardian that gets credits here for asking the hard questions.
With ‘UK’s claims questioned: doubts voiced about source of Salisbury novichok‘ (at https://www.theguardian.com/uk-news/2018/mar/15/uks-claims-questioned-doubts-emerge-about-source-of-salisburys-novichok) it asks the harder questions and in there we see the conflicts that Craig Murray brings. With ““There is no evidence it was Russia. I am not ruling out that it could be Russia, though I don’t see the motive. I want to see where the evidence lies,” Murray said. “Anyone who expresses scepticism is seen as an enemy of the state.”“. I am pretty much on his side on this matter. I found issues that gave rise to the blanket accusation within 30 minutes, perhaps better stated it took an hour because the OPCW documents read as smooth as sandpaper, more boring materials and meetings will seldom be read. Besides the questions from the Guardian, not one of the newspapers dug into the overkill matter. The entire exercise is too overly complicated. I could have mugged, executed the two making it look like a robbery in mere minutes (excluding preparation time), it would be done in no time and no chemical risks at all, to no one. So as we saw PM Theresa May give us “More than 130 people could have been exposed to the deadly nerve agent novichok during the Russian spy attack in Salisbury, Theresa May said on Monday“, yet no one raises that it could be a mere individual or even the Russian Mafia. Two likely considerations in all this, and not one has raised that part. No matter how we see the opposing players in Special Forces or Intelligence. To set the stage of 130 bystanders getting in the crossfires is a realistic thing in places like Syria and Yemen, where there is open warfare, in places like Chantilly, Cheltenham, St Petersburg, or Lille is not where one goes playing like that.
You see, killing a target, a valid target is one thing, doing it whilst setting the stage for getting 100 plus knowingly in the crossfires requires an entirely different type of psychopath and governments tend to not hire those types in the first place.

That alone merely emphasizes the part that my view has been correct all the time. In addition to that, we still have seen no clear stated evidence on how it was done. The Scotsman (at https://www.scotsman.com/news/uk/sergei-skripal-exposed-to-nerve-agent-through-car-vents-reports-1-4707852) stated “may have been exposed to a deadly nerve agent through his car’s ventilation system“, which they got from the US. You see, when we get ‘may have been‘ and ‘possibly‘, we need to realise that we are either kept in the dark, or they actually just do not know at present, which makes a case for blaming the Russian government a weird choice at best. And with every delay in this it merely shows that the entire mess is a lot larger, yet the media ignores that. I call that an actual problem.

I mentioned Lithuania earlier. Now, the following speculation does not absolve Russia, but when you realise that people like the Russian Mafia might oblige the Russian government at times, they are still in it for money, for simple profit and coin. So when we see: “In March 2016, Vladislav Reznik, a Deputy of the State Duma, has been put on the international wanted list and officially charged with membership in Tambovsko-Malyshevskie organized criminal group and money laundering in Spain. Reznik’s villa has been searched. According to the indictment, Reznik was among those controlling the gang operations and a member of Gennady Petrov’s business circle” as well as “€16 million have been received from the British Virgin Islands, Panama, Lithuania, Switzerland, Great Britain, and Russia. On the other hand, monetary funds amounting to some $8.5 million have been transferred from his accounts to Russia, Panama, Cayman Islands, and U.S.“, we see that Lithuania has larger players in the fold. If it is a vessel for transferring funds, having their cyber infrastructure under attack seems to be an effective way to keep the eyes peeled in a different direction (extremely speculative), yet in support there is also “In July, Russian hackers were blamed for a similar assault on Lithuanian government Web sites. In Security Fix’s account of that attack, I posted a copy of a congratulatory letter sent to nationalist Russian hackers by Nikolai Kuryanovich, a former member of the Russian Duma. The missive is dated March 2006, and addresses the hacker group Slavic Union after the group had just completed a series of successful attacks against Israeli Web sites“, which is a first link from a ‘gov.ge‘ site.

In addition there is “The wave of attacks came after a row erupted over the removal of the Bronze Soldier Soviet war memorial in Tallinn, the Estonian capital. The websites of government departments, political parties, banks and newspapers were all targeted. Analysts have immediately accused the Russian Business Network (RBN), a network of criminal hackers with close links to the Russian mafia and government, of the Georgian attacks“, now remember that Tallinn is in Estonia, not Lithuania. Yet the methods that the Russian Mafia uses are quite often duplicated (an Amway solution) and that part is not so far stretched. It is another cog that is showing us on the acts of the Russian Mafia. The Russian government is not absolved in all this, yet Theresa May did not tell us: ‘we have strong indications that a member of Russian organised crime with links to the Russian government is behind this‘. No! She went straight for the Russian government and offered no clear evidence, that whilst the clear evidence could be largely dismissed in most courts with merely the use of the documents of the SAB, the OPCW and the testimony of Vil Mirzayanov who seemed to be interested in upping the sold copies of his 2008 publication.

There are sides to my story as well, parts I am not happy about, parts that should be scrutinised, yet in all this, the current facts and statements seem to take down the UK case at present. More importantly it shows us that the US is also playing the fear game, it is now more afraid than ever that it loses more and more turf in the Middle East, whilst Russia is moving forward. That scares them more than anything, even more than any Novichooks (yup intentional typo) in play, especially when we consider the danger that these weapons are and additional could be down the line, is that not odd either?

Ready Player Two

And that is not the whole story. You see in all this the other red flag has a star and a crescent moon. Yes it’s everyone’s favourite humanitarian setting (or was that lack of?), it is Turkey. So when we are again treated to the marketing of ‘Turkey needs Europe, Europe needs Turkey‘, the people in Europe need to run to the Brexit, or any EU-Exit they can find. I stated it in a previous blog with ‘This relates directly to Turkey, because it shows the desperate EU trying to open as many doors as possible‘. I did that in ‘A changing language‘ (at https://lawlordtobe.com/2018/02/15/a-changing-language/) well over a month ago. Now we see “Turkey is not doing very well economically, it needs outlets” said Lamberts, “and it is very clear that bad relations with Europe are harmful to Turkey, so somewhere on the economic level Erdogan needs Europe and Europe in fairness needs Turkey“, which Euronews gave us yesterday. So we see how Philippe Lamberts, a Belgian Green MEP is willing to throw values overboard, the economy does not allow for any humanitarian values. So when I see any journalists hiding behind ‘constant attacks on transgressions of human rights‘, whilst attacking governments making any kind of economy based deals. Can they just kindly go fuck themselves? When we see the Turkish joke evolving on the EU field, no journalist gets to use the ‘Human Rights‘ card for a long time to come. If you want to do that, go visit Turkey and protest in front of those prisons that have journalists locked up for life. Until you can make that change there, do not come crying on other shores. If you need actual Human rights issues, then perhaps turn to Canada where we got “A French waiter who was fired for his “aggressive, rude and disrespectful” manner has claimed compensation, insisting that his behaviour is not unusual, but that he is simply French“, that is the story of Guillaume Rey from Vancouver Canada.
That is where the Human Rights have gotten us and that is a real win for the ‘15 children that were killed in an airstrike as they hid in the basement of a school in the town of Arbin‘, yes a real humanitarian win in this. So even as the Financial Times reported less than 2 hours ago “The EU said it failed to win a pledge from Turkey to free journalists it has jailed and improve other rights for its citizens but that it will maintain talks with President Recep Tayyip Erdogan after their first meeting in almost year“, we see no place stating that Turkey will not become a member of the EU. It is another side where the gross negligence of evidence is taking the toll of our humanity. So as the President of the European Council Donald Tusk gives us “Only progress on these issues will allow us to improve EU-Turkey relations, including the accession process” (at https://www.ft.com/content/dbefa9e6-313d-11e8-b5bf-23cb17fd1498), so I am proven correct yet again, they merely need to push the EU deeper in debt, which according to Bloomberg is coming for certain through “Draghi’s call for patience and persistence in delivering stimulus, suggesting bond-buying will be extended beyond September” or set the stage where the so called Humanitarian principles are ignored, which has been the case for close to a year. It has only strengthened my view that the UK is a lot better off outside the EU, because this entire EU mess will collapse onto itself and woe to those who are left behind paying for it all. It could set back the economic markers for close to two generations in Europe, which should scare anyone in the EU.

The last red flag is North Korea (it has blue too)

I mentioned it some time ago. The entire Sony mess and blaming North Korea was never really resolved. So when I got the news from ABC stating “Secret intelligence documents and photos unilaterally collected by the U.S. military were among the stolen cache of South Korea’s classified documents by North Korean hackers, but the totality of what was stolen remains unknown“, we should be starting to get careful. You see, it implies one side, but to my view it gives an entirely different issue. It implies that North Korea is a capable cyber operator. Now, we know that one can do plenty of damage with a laptop (like in the movies). Yet when you see these pics you wonder what on earth is going on, because we now get the speculated but believable view that ‘the US gave documents to an ally that does not have its basic cyber protections in place‘, that is a very different kind of cheddar, isn’t it? Now, I have seen a few pics where the computers look a little more advanced, but nothing that an actual gamer would still be using two years ago. And that is the foundation of their hacking? Let’s be clear, there are situations where you can hack with a 10 year old laptop, but you need skills, you need access to documentation and the ability to get past the firewalls and past sniffers and network monitors. They do exist, yet that requires an equal incompetency on the South Korean side, a part that we are also ignoring, the use of Common Cyber Sense.

You see, when you get “Malware contamination of the intranet server of the cyber command that occurred in September last year was confirmed by the South Korea’s Defense Ministry in May but this is the first glimpse of the scope of the damage“, there is another layer in place, one that does make sense. Some of the European, Russian and optional US hackers are selling their stuff to North Korea. That is a very possible scenario, but in that case both the FBI (if the US was involved), as well as the CIA failed in their tasks. Perhaps better stated, the CIA seems to be unable to stop the cyber hacking software that North Korea purchases from making it to North Korea, which is equally a failure on several levels. It is unfair to blame merely the CIA. It is fair enough to add the earlier avoided MI6 to the mix as they should have been watching that danger, because if these hackers can get to South Korea, they could in theory hit the UK in equal measure, the evidence is there. Even as we agree that North Korea does not have the skills (my personal belief) to create something like Wannacry. I already went there to some degree in ‘In light of the evidence‘ (at https://lawlordtobe.com/2017/05/28/in-light-of-the-evidence/), the evidence given by ICIT was compelling. In addition we had ‘when IBM cannot give view of any mail that propagated the worm’, which also takes North Korea out of the loop, yet they could have acquired the software. So even as the largest cyber player like IBM remains in the dark, there is still evidence that it was North Korea? That view was only enforced when a Dutch media team went to North Korea a few years back. In some places their cameras were locked up because no photographs were allowed. Yet most had them anyway, because the North Korean officers had no idea what a smartphone was and that it was able to take pictures. The Dutch NOS showed it on Television, so that is the place that hacked into South Korea, the birthplace of Samsung?
It is not impossible and was never denied by me, but it was so extremely unlikely that unless clearly proven with evidence considering it was utterly impossible to the common sense mind. Yet as the source is not in North Korea, hunting that source down is more important, because the next time it will not be some version like Wannacry 2.0, it could be Stuxnet 7.1 and as the UK has 15 reactors and the US has 99 reactors in 30 states, it seems to me that waking up both MI6 and the CIA to actually get to the bottom of these North Korean ‘praised’ cyber skills and find out where those skills actually were (read: came from), because not doing so is a much larger issue. I hope that the South Korean bungle of their network security constitutes as at least some level of evidence.

Three red flags, none of them are innocent, I never implied that, but as we are changing the play, the marketing vibe and the need of what is real we need to carefully weigh what the media gives us and what those giving the media are actually after. I have seen enough evidence thrown about and have been able to ask questions to the extent that gives rise to many question marks and whilst some media are playing the emotional waves, some are seeking clarity and that clarity gives us additional options and views that we did not consider before. People all over the world are told to jump to the left, whilst there is no evidence that anything from the right was going to hit us in the first place, which makes us wonder why they did not want us on the right side to begin with.

These red flags are important, because even if we had any faith on the Russians trying to attack us, we need to consider that Cambridge Analytica is an English firm and even as Fortune now reports “A non-partisan watchdog group has filed complaints with the Department of Justice and the Federal Election Commission alleging that the data firm Cambridge Analytica violated U.S. election law by having foreign nationals involved in the decisions of political committees“, we see that it was a British firm who scored that job.

So it is possible that the people in Moscow will be treated to a comedy in 22 hours, it will go something like “TASS Is Authorized to Declare that the accusations against the Russian government and its people were propagated by an English Firm“, in this I used part of the 1984 Soviet spy miniseries directed by Vladimir Fokin, because even with my weird sense of humour it seemed important to give it an Orwellian sling. Perhaps you should check out his new book. It apparently deals with life in the US after a presidential election.

 


In light of the evidence

We tend to accept facts and given situations whenever we have a reliable source and a decent level of evidence. The interesting side is that howling to the moon like a group of sheep hoping the lone wolf will not hear them is an equally weird revelation. The question becomes at that point, who is the lone wolf and who are the sheep, because neither position nor identity is a given. Now, for the first part, we have the Guardian article (at https://www.theguardian.com/politics/2017/may/27/eu-theresa-may-combat-terror-brexit-europol), with the expected title ‘We need deal with the EU to combat terror, experts tell Theresa May‘, which of course gets them the DGSE, yet the usefulness of the rest becomes a bit of an issue. For this part we need to look somewhere else, and we will do that after the given quote in the mentioned article “Although our partnership with the US for intelligence sharing is extremely important, the fact is that the current terrorist threat is very much a European dimension issue. The Schengen database and knowing about who has moved where are all intimately dependent on European systems and we have got to try to remain in them“. This could be a valid and valued statement, yet is that truly the case? For this we need to take a little gander to another place of intelligence and Intel interest. The Cyber monkeys, or is that the cyber-mercenaries? The difference is merely a moment when you WannaCry 1.4. You will have heard, or perhaps read regarding the NHS as it was struck, here again we see: “However, it instead appears to be down to organisations and individuals failing to run keep Windows up to date“, which was actually voiced by NHS Digital, the failure of policies as they were not adhered to by IT staff, or at least those responsible for keeping those PCs up to date with patches.
The second quote given much earlier in the IT article is ““To be abundantly clear, the recent speculation concerning WannaCry attributes the malware to the Lazarus Group, not to North Korea, and even those connections are premature and not wholly convincing,” wrote James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT)“, which is where I have been all along. The one nation that has less computer and internet innovation than a Nintendo GameCube sets this level of hardship? It is just too whack for thought. It is the quote “At best, WannaCry either borrowed heavily from outdated Lazarus code and failed to change elements, such as calls to C2 servers, or WannaCry was a side campaign of a minuscule subcontractor or group within the massive cybercriminal Lazarus APT” that changes the game. In addition we see: “The publication referred to “digital crumbs” that the cyber security firm had traced to previous attacks widely attributed to North Korea, like the Sony Pictures hack in late 2014″, we will exclude the quote “Shadow health secretary Jon Ashworth has said Labour would invest an extra £5 billion into new IT infrastructure for the NHS, after hospitals and services were affected by the widespread Ransomware attack on Friday“, especially as Labour had in the previous government wasted £11.2 billion on an IT system that never worked, so keeping them away from it all seems to be an essential first.

The issue is now in several phases. Who got hit (those not updating their systems). It affected according to some sources thousands of systems, yet when it comes to backtracking to a point of origin, the Cyber Intelligence groups remain unclear. The IT article (at http://www.itpro.co.uk/security/28648/nhs-ransomware-north-korea-may-not-be-behind-wannacry), gives us a few things, yet the clear reference to the Guardians of Peace, the identity the hackers had given themselves in the Sony event gives a few additional worries. Either this is clearly a mercenary group without identity, or we have a common new issue on identity when it comes to Cyber criminals. You see, as we see more and more proclaiming the links between the Lazarus group and North Korea, we do not get to see a clear link of evidence. Many sources give us ‘could be linked‘, or ‘highly likely‘, which is an issue. It makes the evidence too shallow and circumstantial. The NY Times gives us (at https://www.nytimes.com/2017/05/22/technology/north-korea-ransomware-attack.html) yet they are basically stating what Symantec gave us and mention that. My issue here is “But the hackers left behind a trail of digital crumbs that Mr Chien and his colleagues had traced to previous attacks by the Lazarus Group“, what if the crumbs were an intentional side? You see, the quote “another group of hackers that call themselves the Shadow Brokers published the details of National Security Agency hacking tools that the WannaCry hackers were able to use to add muscle to their attacks” gives a different light. The fact that there is a team reengineering tools and flaws to get somewhere fast is one. We have seen the lack of actual cyberpower of North Korea in the past, the fact that they are regarded on the same level as Chinese Cyber forces is a bit silly.
You see, any country has its own level of savants, yet the fact that North Korea, a nation as isolated as it is, gets to be on par with China, an actual superpower that has Cyber infrastructures, experts at the University of Shanghai (the white paper on cracking AES-256, 2001), as well as a growing IT technology base is just a little too whack.

This now reflects back to the European need of Schengen. The UK needs quality intelligence and with the US breaches of Manchester, the fact that no high quality evidence was ever given regarding the Sony Hack, the growing source of all kinds of hacker names and no validity or confirmable way to identify these groups leaves us with a mess that pretty much anyone could have done this. In light of the NSA flaw finders, there is now more evidence in the open giving the speculative hacker as one with skills that equal and surpass people graduating with high honours at MIT, than anything North Korea could produce. It does not put North Korea in the clear (well the fact that the generals there had no comprehension of a smartphone should be regarded as such), and as we see the entire Bitcoin go forward, we need to take more critical looks at the given evidence and who is giving that evidence. We all agree that places like Symantec and Kaspersky should be highly regarded, yet I get the feeling that their own interns know more about hacking than the sum of the population of all North Koreans do, which is saying a lot. We see supportive evidence in the Business Insider (at http://www.businessinsider.com/wannacry-ransomware-attack-oddities-2017-5). Here we see IBM with “IBM Security’s Caleb Barlow, researchers are still unsure exactly how the malware spread in the first place. Most cybersecurity companies have blamed phishing emails — messages containing malicious attachments or links to files — that download the ransomware. That’s how most ransomware finds its way onto victims’ computers. The problem in the WannaCry case is that despite digging through the company’s database of more than 1 billion emails dating back to March 1, Barlow’s team could find none linked to the attack“, one billion emails! That is what we call actual evidence and here IBM is claiming that the issue of HOW the malware spread remains a mystery.
Now, can you see that the entire North Korean issue is out of touch with the reality of Common Cyber Sense and Actual Cyber Security? Two elements, both are essential in all this. It is the lack of actual evidence that seems to be the issue, giving us the question, who wants the North Korea issue propagated? Any answer here is more likely to be political than anything else, which now gives us additional questions on where for Pete’s sake the need of European Intelligence remains as they fall short of providing answers. In light of the Schengen database. Why would that not be shared? If the US has access as a non-European, non-EC nation, why would the UK, a clear European nation be barred from access? With all the flawed acts by the US, having actual professionals look at Schengen data, seems to be an elemental first, would you not agree?

An additional question would be on how these Bitcoins would be cashed, it is not like an isolated nation like North Korea ever had a flying business in Bitcoins in the first place. It is actually (yes, I am shocked too), that quality information comes from PwC. In this case Marin Ivezic, a cyber-security partner. He gives us “EternalBlue (the hacking tool) has now demonstrated the ROI (return on investment) of the right sort of worm and this will become the focus of research for cybercriminals“, which would be a clear focus for veteran cyber criminals, yet the entire re-engineering foundation gives another slice of circumstantial evidence that moves us actually away from North Korea. So in this we have two elements. As the FBI and CIA have been all about pointing towards North Korea, the question becomes, where do they not want us to look and whatever else do they not have a handle on? These points are essential because we are shown an elemental flaw in Intelligence. When the source is no longer reliable, why would they be around in the first place? We can agree that governments do not have the goods on Cyber criminals, because getting anything of decent value, tends to require inside knowledge, which is the hardest to get in any case, especially with a group as paranoid as cyber criminals. The second side is that China and Russia were on the list as one of the few abled parties to get through Sony, yet Russia has fallen off the map completely in the last case, that whilst they are actually strengthening ties with North Korea. That does not make them guilty, yet on the scale required Russia was one of the few with such levels of Cyber skills.
The fact that we see in the NY Times that it is too early to blame North Korea is equally some evidence, it gives vision to the fact that there are too many unknowns and when IBM cannot give view of any mail that propagated the worm, gives additional consideration that there are other places who cannot claim or show correctly how the worm got started, which is now an additional concern for anyone altering the work for additional harm. As the point of infection is not known, stopping the infection becomes increasingly difficult, any GP can tell you that side of the virus. There is one more side I would like to raise. This comes from a source (at http://securityaffairs.co/wordpress/59458/breaking-news/wannacry-linguistic-analysis.html), it is not a journalistic source, or a verified source, so please take consideration that this news could be correct. It is however compelling. The quote ““The text uses certain terms that further narrow down a geographic location. One term, “礼拜” for “week,” is more common in South China, Hong Kong, Taiwan, or Singapore. The other “杀毒软件” for “anti-virus” is more common in the Chinese mainland.” Continues the analysis “Perhaps most compelling, the Chinese note contains substantial content not present in any other version of the note, is lengthier, and differs slightly in format.” The English note of the ransomware appears well written, but it contains a major grammar mistake that suggests its author is either not a native speaker or possibly someone poorly educated“, that would make sense, yet how was that source acquired?

The second quote: ““Given these facts, it is possible that Chinese is the author(s)’ native tongue, though other languages cannot be ruled out,” Flashpoint concluded. “It is also possible that the malware author(s)’ intentionally used a machine translation of their native tongue to mask their identity. It is worth noting that characteristics marking the Chinese note as authentic are subtle. It is thus possible, though unlikely, that they were intentionally included to mislead.” The Flashpoint analysis suggests attackers may have used the Lazarus code as a false flag to deceive investigators, a second scenario sees North Korean APT recruiting freelance Chinese hackers to conduct the campaign” gives us a few elements, the element of misdirection, which I had noted on from other sources and the element that North Korea is still a consideration, yet only if this comes from a freelance hacker, or someone trying to get into the good graces of Pyongyang, both options are not out of the question as the lack of Cyber skills in North Korea is a little too well set from all kinds of sources. The writer Pierluigi Paganini is a Cyber professional. Now even as Symantec’s Eric Chien is from California, did they not have access to this part and did no one else correctly pick up on this? As I stated, I cannot vouch for the original source, but as I had questions before, I have a few additional questions now. So, exactly how needed is European Intelligence for the UK? I think that data should be shared within reason. The question becomes, how is Schengen data not shared between governments? The Guardian gives us “After the Manchester attack, which killed 22 people and left dozens of others grievously injured, it was revealed that suicide bomber Salman Abedi had travelled back to England from Libya via Turkey and Dusseldorf four days before the attack“, so how reliable is Turkish intelligence in the first place? How could he have prepared the bomb and get the ingredients in 4 days? 
There is an additional view on ISIS support active in the UK, yet as we now see that this drew attention to him, why on earth was the trip made? Also, was Libya or Mecca the starting point (source: claim from the father in earlier Guardian article)? How would sharing have resolved this?

Now look at this in light of the US leaks and the Cyber Intelligence of a dubious nature. There is a growing concern that the larger players NSA, DGSE, GCHQ have flaws of their own to deal with. As they are relying more and more on industry experts, whilst there is a lack of clear communication and reliable intelligence from such sources, the thoughts now become that the foundation of fighting terror is created by having a quality intelligence system that recognises the need for Cyber expertise is becoming an increasing issue for the intelligence branch. Should you wonder than, then reconsider the quote: ‘demonstrated the ROI (return on investment) of the right sort of worm and this will become the focus of research for cybercriminals‘, if you think that cyber jihadists are not considering the chaos that they could create with this, then think again.  They will use any tool to create chaos and to inflict financial and structural damage. They might not have the skills, yet if there is any reliable truth to the fact that the Lazarus group is in fact a mercenary outfit, there would be enough critical danger that they will seek each other out, that is providing that ISIS could bring cash to that table. I have no way of telling how reliable or how certain such a union could be. What is a known is that Sir Hugh Orde is not answering questions, he is creating them, as I personally see it. The quote “UK membership of EU bodies such as Europol and Eurojust, which brokers judicial co-operation in criminal cases, not only allowed access to huge amounts of vital data, but also meant UK police could set up joint inquiries with German police or those from other national forces without delay“. You see, the UK remains part of Europe and Interpol existed before the EC, so as we now see the virtual creation of red tape, the question becomes why the EU has changed rules and regulations to the degree that the UK would fall out of the boat. 
Is it not weird that the EU is now showing to be an organisation of exclusion? Even if we laugh at the ridiculous promises that Corbyn is making, just to be counted shows that there is a larger problem in place. Why is there suddenly a need for 1,000 more intelligence staff? Can we not see that the current situation is causing more issues than it resolves? As such, is throwing money and staff at a non-viable situation nothing less than creating additional worries?

The last part is seen in “The Schengen database and knowing about who has moved where are all intimately dependent on European systems and we have got to try to remain in them”, yet this does require all players to enter the data accurately, in addition, that only applies to people entering Schengen, yet as has been shown in the past, after that getting locations on people is becoming an increasingly difficult problem. The fact that after the Paris attacks, some people of interest were found to be in Belgium is one side, the fact that these people could have met up with all kinds of contacts on the road is another entirely. The truth is that the intelligence branch has no way of keeping track in such details. In addition we have seen that the list of people of interest is growing way beyond normal means and organising such data streams and finding new ways not just to find the guilty, but to decrease the list by excluding the innocent is growing in complexity on a nearly daily basis. And that is before the cyber mess is added to the cauldron of nutrition. There is at least a small upside, as the technology stream will soon be more and more about non-repudiation, there will be additional sources of information that aid the branches by pruning the list of people of interest. The extent of pruning is not a given and time will tell how this is resolved.

It all affects the evidence that the parties hold and how it is applied, it remains a matter of time and the proper application of intelligence.
