Tag Archives: Jeh Johnson

In speculated anticipation

This is on a matter that is slippery like a promiscuous nymphomaniac lady contemplating monogamy, in a world where any person next to you could be a pimp, a whore or merely psychotic. Welcome to the cold war! Merely a few hours ago, the Guardian gave us ‘Obama orders sanctions on Russia after campaign hacking during US election’ (at https://www.theguardian.com/us-news/2016/dec/29/barack-obama-sanctions-russia-election-hack). Now, we have known the CIA and other parties to be blatantly incorrect when it came to Sony and North Korea. Yet in this case there are a few elements in play that make it more likely than not that, if there was real interference, Russia would have been guilty, involved or at the very least privy to the events. China is a lot less likely here, because as business deals go, they are a lot better off with the ignorance of former Secretary of State Hillary Clinton than they will ever be with President-elect Donald Trump, so, calling a garden spade a spade, the one turning the soil is most likely the Russian side.

There was an earlier article referred to in this one, where we see: “He dodged whether Putin personally directed the operations but pointedly noted “not much happens in Russia without Vladimir Putin”“, which is actually incorrect. You see, and President Barack Obama knows this to be an absolute truth, deniability is essential in some operations. So even if President Vladimir Putin was kept in the dark (likely at his own request), it is less likely that Sergey Kuzhugetovich Shoygu is involved, yet if the GRU was involved then Igor Korobov would know for sure. The FSB is the second option, yet for those who have seen some of the reports on the Darknet concerning investigative journalist Andrei Soldatov, there is in parts the indication that FSB funding for more advanced cyber actions was lacking, making the GRU the opponent of choice. This comes with the assumption on my side that less advanced equipment would have given the US cyber side a lot more data to show earlier that Russia was intervening in the elections. The reports on a group called Fancy Bear point to the technology they get access to and the places they can access it from. There is another piece that I have not been able to confirm; it is speculative and even as it gives rise to giggles of all kinds, it remains a speculation. It is said that Fancy Bear operatives have been able to work from North Stockholm; if so, they might have accessed the IBM backbone there, which has a massive amount of data pushing power. That the US would have handed out the means to enable hacking of the US election system, life is just too cynical at times.

Another quote is also linked to this, but not from the cyber point of view. “Obama repeatedly weighed in on what he saw as increased polarization in the United States. “Over a third of Republican voters approve of Vladimir Putin, the former head of the KGB. Ronald Reagan would roll over in his grave. How did that happen?”“, in that my response would be ‘Well Mr President, if you had gotten off your ass and actually done things instead of politicising them, if you had actually kept a budget and not pushed the US into 20 trillion of national debt, people might be less on the fence for the other side, right?‘ There will be no reply, because not only has this administration been close to useless, the actions of the last few days, where the new electorate gets an agenda pushed down its throat in which a clear cooperation with terrorist organisations is seen, is plenty of food for thought. Yet that rant needs to cease as it does not completely apply to the case at hand!

There are however other matters for concern: “In a conference call with reporters, senior White House officials said its actions were a necessary response to “very disturbing Russian threats to US national security”“, which begs three questions:

1. Why was it a conference call and not on every video or a live presentation?
2. How long has this actually been known?
3. Where is the actual evidence?

Like Sony, like other cases, the press wants to see evidence and NONE has been presented. No station, as far as I have been able to tell, has shown any schematic of how the election could have been tampered with, backed by evidence. There are hundreds of anti-Clinton and anti-Trump conspiracy theorist videos, yet none from any reputable news channel. Which also now gives voice to the thought whether the US intelligence branch in this administration has been the biggest joke ever (North Korean accusations et al).

Still, in all this, the US is pushing for a cold war, which might not be the worst thing, yet as the US is to be regarded as bankrupt, the upgrades that will involve a data centre and 4-6 billion in equipment and resources are something there will be no room for any day soon.

So what is this about? Is this about the Democrats being really sore losers? I am not sure what to think, yet the entire approach via conference calls and no presentation of evidence leaves a few too many issues here. In addition, if there was evidence, do you not think that President Obama would present it, to show at least that he is capable of publicly smiting President Putin? Let’s face it, he does need the brownie points. Yet, in light of evidence not shown, are the actions at the 11th hour a sign that the Democratic Party will be relying on acts that some could regard as malfeasance in office? Of course these people will not need to give it a second thought as they will be removed from office in a few weeks, yet leaving the next public officials with added pressure to clean up not just the last 8 years of action, but in addition acts impeding elected officials, could have long-term consequences. Let’s not forget that the Republican Party starts with both a Republican Senate and House, as well as their guy in the White House, so if the Democratic Party wants anything to happen, being nice is pretty much their only option.

In addition, when we look at the US recount (at https://www.theguardian.com/us-news/2016/dec/28/election-recount-hacking-voting-machines), we see first off ‘US recounts find no evidence of hacking in Trump win but reveal vulnerabilities‘, and further “In Wisconsin, the only state where the recount was finished, Trump’s victory increased by 131 votes, while in Michigan, where 22 of 83 counties had a full or partial recount, incomplete data suggests was a net change of 1,651 votes, “but no evidence of an attack”“. That does not amount to evidence in total; we do see that two places were not intervened with, yet the system is setting the pace that there are future concerns. The message ““We didn’t conclude that hacking didn’t happen,” he told the Guardian, but “based on the little evidence we have, it is less likely that hacking influenced the outcome of the election”” does not state that hacking did not happen; it states with some clarity that if any hacking happened, the outcome was not influenced by it. This now raises concerns about James Comey and what is happening on his watch. More important are the responses that the Guardian collected (at https://www.theguardian.com/technology/2016/dec/29/fbi-dhs-russian-hacking-report), where we see “The report was criticized by security experts, who said it lacked depth and came too late” as well as “Jonathan Zdziarski, a highly regarded security researcher, compared the joint action report to a child’s activity center“, which is not the first time we see this. More important is the quote “Tom Killalea, former vice-president of security at Amazon and a Capital One board member, wrote: “Russian attack on DNC similar to so many other attacks in past 15yrs. Big question: Why such poor incident response?”” which is exactly the issue I had in the first minute of reading the information, and that is not the only part of it.
The involved parties seem to be lacking more and more in advising actions as well as in a clear cyber security pathway (the Clinton private mail server issues) that is correctly enforced and checked upon. The utter lack of proper ‘Common Cyber Sense‘ as seen for close to a decade now all over official and governmental US is the cause of a large amount of problems, yet evidence that there actually were Russian cyber actions aimed at changing the election results has not been brought, and what was brought was presented in a very unconvincing way, in a way that gave top people deniability of involvement in fingering the Russians. The PDF reads like something less serious in a few ways. You see, the techniques described are not wrong, but the document leaves open who the participating party was. It could have been mere private hackers; the Russian Mafia is also a cyber player. And the fact that alleged actions from summer 2015 are only now coming into the light, is that not equally strange? By the way, the fact that Russian intelligence would try to ‘visit’ the files of the US Democratic Party is not that weird. Any suggestion that the NSA, GCHQ and ANSSI would not have been accessing (or trying to access) the United Russia party servers for intelligence is equally silly! Neither shows intent to influence an election. Let’s face it, Benghazi was a large enough mess to sway the vote in the first place and US insiders were all too happy to leak information; the Russians merely had to sit back, laugh and drink vodka. In addition, the fact that malware was on the systems is not in question, it happens too often in too many places, yet clear evidence that APT28 or APT29 were the culprits implies router information, router data and clear information on when EXACTLY it happened (summer 2015 is a little too wide). More important, this also implies that proper malware defence was NEVER in place, so how shallow do these people want to get?

From page 8 we start seeing the true ability of the intelligence community to envelop itself in the realm of comedy. Items like ‘Update and patch production servers regularly‘ and ‘Use and configure available firewalls to block attacks‘ as well as ‘Perform regular audits of transaction logs for suspicious activity‘ should have been standard practice for a long time. That these mitigations are still being listed for events registered in 2015 implies that an IT reorganisation has been essential for 2+ years, which is a larger issue and heavy on comedy if those basics were absent for that long. I think negligence becomes a topic of discussion at that point. The less said on ‘Permissions, Privileges, and Access Controls‘ the better, especially if they haven’t been in place. So in retrospect, not having any ‘evidence’ published might have been better for the Democratic Party and especially for James B. Comey and Jeh Johnson. The main reason is that these events will have longer term implications and certain parties will start asking questions; if they don’t, those people might end up having to answer a few questions as well.

In that regard the Guardian quote “The question hasn’t even been asked: ‘Did you take basic measures to protect the data that was on there?’“ is a question that seems basic and was essentially voiced by Sean Spicer on CNN. The claim that 17 intelligence agencies agree (as quoted by CNN) brings worry to those agreeing, given the laughably bad quality of the PDF that was released. Consider that we are seeing unanimously agreed intelligence without any clearly presented evidence, actual evidence, so what are they agreeing on? As stated by Sean Spicer in the CNN interview, the burden of proof is on the intelligence community. Especially as there is an implied lack of due diligence on the part of the Democratic National Committee in securing its IT systems. That implied lack of diligence should make us consider that there are plenty of American citizens who are anti-Democrat in the US alone, which gives cause to worry about WHO has been jogging through the DNC servers.

A view that seems to have been overlooked by plenty of people as well.

In the act of anticipated speculation we should speculate that a proper presentation of the evidence will be forthcoming. A presentation at a level that will get a positive response from security experts will be a lot to ask for, yet in all this you should be asking yourself the one question that does matter: is it possible that the FBI got it wrong three times in a row? If so, in how much trouble is Cyber America?

 


Filed under IT, Law, Media, Military, Politics

Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force; in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back, to be a little more precise to the moment 645 days ago when we read that Sony got hacked, and hacked by none other than North Korea. It took me around an hour to stop laughing; the stomach cramps from laughter are still on my mind when I think back to that day. And that is apart from me having degrees in this field. People a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse, as well as a list of sceptics and prominent names from the actual hacking world, all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions“. I am pretty sure that the FBI did not expect this to bite them down the track. This all whilst they rejected the alternate hack theory that cyber intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more plausible than the claim that was made. Another claim to have a giggle at came from Homeland Security: “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life“, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons. The Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data) gives us the subtitle “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile, world-infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“. You see, here we see part of the fun that will now escalate.

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this and take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When the accused nation has 28 websites, it is, I agree, not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear indication that the cyber branches of your organisations are not up to scratch. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting to learn a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that, due to North Korean ‘expertise’, plenty of people will be asking questions. The time required to get the data that got taken was not something that happened overnight, for the simple reason that that much data would have lit up an internet backbone and every log alarm would have been ringing. The FBI statement “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government” was laughable because of those pictures where we saw the Korean high command behind a desktop system, with a North Korean President sitting behind what is a mere desktop that has the computational equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).
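The point above, that moving a Sony-sized volume of data out of a network should have tripped volume alarms, is the kind of check an egress monitor can do with nothing more than flow records. The following is an added example, not code from the original post and not anything Sony or the FBI ran: it buckets outbound bytes per source host per hour, ignores internal-to-internal copies, and flags an hour that is both above an absolute floor and far above that host’s own median hour. The internal range (10.0.0.0/8), the thresholds and the NetFlow-style sample lines are all constructed assumptions for illustration.

```python
"""Egress-volume alerting over simplified flow records (added example)."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import median

# Assumed internal address space; any destination outside it counts as egress.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample records, one per line: "<ISO timestamp> <src> <dst> <bytes>".
# Host 10.0.5.17 has three ordinary hours and then one 700 GB hour to 203.0.113.8.
SAMPLE_LOG = """\
2014-11-20T01:00:00 10.0.5.17 10.0.9.2 1200000
2014-11-20T01:05:00 10.0.5.17 203.0.113.8 40000000
2014-11-20T02:05:00 10.0.5.17 203.0.113.8 38000000
2014-11-20T03:05:00 10.0.5.17 203.0.113.8 41000000
2014-11-20T04:05:00 10.0.5.17 203.0.113.8 700000000000
2014-11-20T01:10:00 10.0.7.3 198.51.100.4 2000000
2014-11-20T02:10:00 10.0.7.3 198.51.100.4 2500000
2014-11-20T03:10:00 10.0.7.3 198.51.100.4 1800000
2014-11-20T04:10:00 10.0.7.3 198.51.100.4 2100000
"""


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    bytes_out: int


@dataclass(frozen=True)
class Alert:
    host: str
    hour: str        # bucket label such as "2014-11-20T04"
    bytes_out: int
    baseline: float  # the host's median hourly egress over the data seen


def parse_flows(text):
    """Parse the constructed line format into Flow records; blank lines skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return flows


def hourly_egress(flows):
    """Sum bytes per source host per hour, counting only traffic that leaves
    INTERNAL; an internal-to-internal copy is not exfiltration by itself."""
    buckets = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if ipaddress.ip_address(f.dst) in INTERNAL:
            continue
        buckets[f.src][f.ts.strftime("%Y-%m-%dT%H")] += f.bytes_out
    return buckets


def exfil_alerts(flows, factor=10, floor_bytes=100_000_000):
    """Flag an hour whose egress is at least floor_bytes AND more than
    `factor` times the host's median hour. The floor keeps a quiet host from
    being flagged for a trivial bump; the ratio catches a burst on a busy one.
    The median is robust to the spike itself, so one bad hour does not hide."""
    alerts = []
    for host, hours in hourly_egress(flows).items():
        baseline = median(hours.values())
        for hour, nbytes in sorted(hours.items()):
            if nbytes >= floor_bytes and nbytes > factor * baseline:
                alerts.append(Alert(host, hour, nbytes, baseline))
    return alerts


if __name__ == "__main__":
    for a in exfil_alerts(parse_flows(SAMPLE_LOG)):
        print(f"{a.host} {a.hour}: {a.bytes_out:,} bytes out "
              f"(median hour {a.baseline:,.0f})")
```

Run as a script it reports the single 700 GB hour for 10.0.5.17 and nothing for 10.0.7.3, whose hours stay well under the floor. In a real deployment the baseline would come from a longer history than the window being scored, and the floor would be set from link capacity rather than guessed, but the shape of the check is the same.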

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull off the Sony caper you need stimulation, like a student would get at places like MIT, Stanford or UTS: peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have the hardware, the challenging people and the equipment that could offer it, but North Korea does not have any of that. The entire visibility, as you would see from those 28 domains, would have required a much higher sophistication. You see, for a hacker there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when, in 2012 in Pyongyang I believe, a press bus took a wrong turn, and some reporters mentioned how a North Korean (military, I believe) had no clue about smartphones. I remember seeing it on the Dutch NOS News program. That level of ignorance within a military structure could not be maintained; the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing. The fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to know of the wrongful domain settings, which is essential in regard to the entire hacking side.
The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this, last but not least to those who prototype hacking solutions, as they need serious bandwidth to test how invisible they are (especially regarding the streaming of terabytes of Sony data). All these issues are surfacing from this mere article, which the Guardian might have placed for entertainment value, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog: ““It’s important to note this isn’t the domain name system for the internal intranet,” Williams wrote. “That isn’t accessible from the internet in any way.”” which is true to some extent. In that case take a look at the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat Security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds“. Yes, I agree you do not get that much info from that, but it gives some indication of usage. You see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings at the intranet level have been missed, giving the ‘visitor’ options for a lot more information than most would expect. Another matter that the press missed (a few times): no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/), data needs to get from point to point, usually via a router, so for the routers before it gets to North Korea, what were those addresses, and how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. In January 2015 Sony gave the following statement: “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“. I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server and to monitor all data traffic, giving an indication that not only was a weird way used to get to the data (I speculated on an option that required it to be an inside job), but more importantly, the fact that the access had not been identified, meaning it had not been secured, gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘. If threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get threats that are a true unknown. That was at play then and it still is now. So if servers were compromised, Sony would need a better monitoring system.
It’s my personal belief (and highly speculative) that Sony, like many other large companies, has been cutting corners so that certain checks and balances are not there, which makes a little sense in the case of Sony: with all those new expansions, corners were possibly cut, and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing itself exactly as incapable as I thought it was, and there is a score of cyber specialists, many of them a lot bigger than I will ever become, stating the same. I am not convinced it was that simple to begin with. For one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about, and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, while the expert levels were not on par, so plenty of data would have been in danger of breaching. The question I had then and have now, a lot louder, is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be“. That is now truly a question that matters! Because if there is any truth to that speculation, then the question becomes how secure is your personal data and how unaware are the system controllers of those cloud servers? The question was not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access, and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’, who can be trusted to get the people properly informed? Over the next days, as we see how one element (the 28 sites) gives more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea of what was going on, especially in light of the official response towards cyber security firm Norse.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites is no indication of intranet or cybersecurity skills, it is indicative when a nation has fewer websites than some third world villages, or their schools, have. It is time to ask a few very serious questions, because skills only remain so through training, and the infrastructure to test and to train incursions on the WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation it makes even less sense.

Finally, one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘The Interview’ from becoming a complete flop. You know, that movie that ran in the US in 581 theatres and made $11,305,175 globally (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?

 


Filed under IT, Media, Military, Politics, Science