Tag Archives: Mandiant

The price of identity

We all have needs, we all have identities. It is important to us, as it is for many others. No one debates or disagrees with it. Yet what to do when identity hinders us? When we see the Washington Post (at https://www.washingtonpost.com/world/national-security/former-nsa-deputy-is-mattiss-leading-choice-to-head-the-spy-service-if-it-splits-from-cyber-command/2018/10/05/1be8d7a8-c73d-11e8-b2b5-79270f9cce17_story.html) giving us ‘Former NSA deputy is Mattis’s leading choice to head the spy service if it splits from Cyber Command‘, we need to consider the impact of identity, corporate identity, governmental identity, military identity, projected and presented identity. They are not the same and can vary to a much larger degree. When someone is part of what used to be referred to as ‘No Such Agency‘, we will get the impact of identity; we all know that and many faced it too. Look at any friend or co-worker you have ever known and ask him/her about the impact of a merger and they will tell you, there are changes. Some are subtle, some are not noticed, yet others are, usually in infrastructure and the way things were done. Now the change tends to be for the good in the long run but that is not a given.

So what gives?

It is my personal observation and a highly speculative one at that. Yet I believe that the Washington Post giving us: “The current head of both organizations, Gen. Paul Nakasone, has urged Mattis to keep the NSA and U.S. Cyber Command under one leader on the grounds that the nine-year-old military organization is not ready to stand on its own, these people said. In recent weeks, Mattis was close to a decision to separate the leadership arrangement, but Nakasone’s counsel has caused him to reconsider, according to two U.S. officials. The officials spoke on the condition of anonymity to discuss sensitive internal deliberations“, is not entirely accurate. I believe that ‘military organization is not ready to stand on its own‘ is not the setting that matters. I believe that Stratfor who gives us ‘A New, More Aggressive U.S. Cybersecurity Policy Complements Traditional Methods‘ is very much at the heart of that. I believe that the general is not ready or perhaps unwilling to set the offensive and aggressive part in motion. Now, this is no bad reflection on the general, let that be a first. He is well decorated, he has seen the field in many ways and he has done a fair share of field events. He has earned his rank. I merely wonder that a man who has seemingly played a defence and protection game is the man for the offense. I think that this is a football moment, and as a non-football expert (and a 49ers fan) I would compare the General to DeMarcus Lawrence from the Dallas Cowboys against what the US seems to demand is a Derrick Henry (Tennessee Titans), or even a Tom Brady (New England Patriots), roles that are not really moveable. Even as a Quarterback might become a really good Derrick Henry that Quarterback will never become a DeMarcus Lawrence. The defence and offense game is that far apart. This is where Chris Inglis comes in. He is an analyst (at heart), he is used to counter offensive strategies and introduce strategies of his own (effective ones, mind you).
I believe that this is the game that is in the open at present and these two will need to find a way to make it work. Not merely because it is good for the needed strategy, but because the segregation of the two elements might hurt U.S. Cyber Command in a few ways, not merely funding, but the elements that U.S. Cyber Command currently have access to will partially fall away and getting two infrastructures like the NSA is unyielding, unaffordable and in the end will introduce flaws and dangers on both sides of the aisle making the setting (as I personally see it) a non-option right off the bat. Stratfor gives us a few other items.

One of them is “A best-case scenario for a U.S. cyberattack would be disabling computer systems and networks being used against U.S. interests to prevent an attack from happening or to disrupt an attack that is in progress“. The problem there is that some of the opponents are getting to be really good at what they do and a few of them are not state driven, not by any state changing the dynamics of the solution. Even as I discussed the hop+1 strategy almost three years ago, settings like that require an expert layer one knowledge and the players cannot both have these experts changing the needs of the infrastructure overnight.

The second consideration is: “Perhaps the main challenge to U.S. engagement in tit-for-tat cyberattacks is that the United States is by far the biggest target for such attacks“. That might be true but that goes beyond mere true enemies, it includes a truckload of students wanting to finger the man (or is that giving them the bird)? Do they really want to waste resources to those people whilst the US has actual enemies in the world?

The larger issue is seen with: “Discussing the strategy, national security adviser John Bolton hinted that the administration had already taken steps to bolster offensive efforts in recent weeks, warning that the United States is no longer just playing defense when it comes to cybersecurity. But despite the Trump administration’s more hawkish tone regarding cybersecurity, it will continue mainly to rely on traditional measures such as the legal process, regulations and cooperation with the private sector when it comes to cybersecurity“. It is here when we get the consideration of the resources required. The defence, offense and legal sides of it all become a real mess if the two split up giving the chance that targets and issues walk away on technicalities. How does that help?

The strategy is even more profound when we consider “Clandestine, discreet attacks are certainly already key elements of U.S. cyber tactics. There have likely been more examples of U.S.-launched attacks that have not come to light, perhaps because they were never recognized as cyberattacks. While the less known about U.S. cyber capabilities, the more effective they will be when deployed, this by definition limits the deterrence value of U.S. cyber capabilities“, at this point it is the setting of ‘discreet’ that comes into play. With the two separated they will get into each other’s fare waters and more important give accidental light to the discreet part of the operation, there will be no avoiding it, only the most delusional person would think that it does not get out when more than one player is involved, because that will always introduce a third item being the intermediary, the cold war taught many players that part of the equation. And that is even before we get to the statement: “recent cases like the September indictment of North Korean cyber operatives, which displayed heavy FBI reliance on private security firms such as Mandiant and Alphabet to collect technical evidence and carry out investigations“, now we see the folly as Mandiant and Alphabet are mentioned, the entire matter grows further as soon as Constellis becomes part of the equation. That is beside the point of realising (highly speculative on my side) that none of the three, Mandiant, Alphabet and Constellis, have the required safe servers in place to prevent names, places and facts from going out into the open. I might not be able to get in, but there are dozens who will get in and that voids the security of the matter to a much larger degree. For argument’s sake I will leave Booz Allen Hamilton out of that equation, they have been snowed on long enough.

And even as we see the instance of legal preference, the US must realise that any attack from state or non-state parties in China or Russia has close to 0% of being successful (outside of the exposure part), the entire matter in case of the OPCW in the Netherlands is one. An attack was thwarted, yet was it THE attack? The Guardian article (at https://www.theguardian.com/world/2018/oct/04/visual-guide-how-dutch-intelligence-thwarted-a-russian-hacking-operation) reads nice, and we see all these facts and from my point of view, things do not add up. You see, I would have used the car that we see mentioned “In the boot of their car was uncovered an arsenal of specialist electronic Wi-Fi hacking equipment” as a fire and forget consumable, use it as an access point, segregating the hacker from the accessing unit. When you have (as they stated) “cash: €20,000 and $20,000” getting a second car far enough to access yet not be directly linked is seemingly easy enough. Then there is the setting of the photo at Amsterdam’s Schiphol airport. I am not debating the issue of the photo, it seems genuine enough. In this operation they did not fly to Germany and take the train, or take a car and cross at Oldenzaal, Emmerich, or even via Belgium and enter via Antwerp, or Eindhoven. It almost reads like they wanted to get noticed. They know that Amsterdam Airport is high tech and nothing escapes their camera eyes. To me (a paranoid me) it comes across as ‘Where did they not want us to look‘. A mere sleight of hand deception, and again the entire GRU mention. A phone outside of that building and they had the taxi receipt? No one merely driving them to the airport in Russia or even them taking a bus from any hotel in Moscow. No, a taxi receipt of all things, is anyone buying that? So in this it is not the Dutch, it is the Russian side that makes no sense at all.

How did I get there?

This is the initial setting of offense and defence. The proper application of strategy in all this matters, because we seem to undervalue and underestimate the need of either in all this. Because we get to push a button anywhere and anytime we seem to underestimate on what is recorded, what is collected and what can we verify. That entire mistake is how any offensive strategy can optionally become folly from the moment the instigation of ‘press any key‘ to start gets us. Proper offensive is not about doing what needs to be done, it is about being able to prove who did what. Perhaps Sony remembers that part as they were given that it was North Korea that did something, whilst their computers were not even close to PC gaming ready, the mere processor, which was about 25% (at best) of a 1994 Silicon Graphics Indigo system is not the system that gives you what you need to hack the night away. The tools are equally as important as the access and ability to negate identity. When you see that part, the entire hop+1 intrusion path makes a lot more sense.

This now gets us to the end of the Washington Post, where we were treated to: ““As the build of the cyber mission force wraps up, we’re quickly shifting gears from force generation to sustainable readiness,” Nakasone said in a statement in May. “We must ensure we have the platforms, capabilities and authorities ready and available” to carry out successful cyber-offensives. Some former senior intelligence and defense officials oppose separating the “dual-hat” leadership arrangement, including former NSA Director Keith Alexander, former Director of National Intelligence Mike McConnell and former Defense Secretary Robert Gates. This week, former CIA Director David Petraeus, a retired Army general, said during a Washington Post cyber summit that he’d keep the dual-hat arrangement “for the time being.”” It is not merely the ‘we have the platforms, capabilities and authorities ready and available‘, you see, when we get to capabilities we see the need of offensive players and even as Cyber command might be aces in their field, the offensive game differs to some degree and even as we see that they are way above the student levels, we get back to the Football equivalent you see the application of defence and offense. It is not DeMarcus Lawrence versus Derrick Henry, the question becomes can DeMarcus Lawrence be a Derrick Henry that is good enough, that is the battle within. The mere realisation that if you fail this when the offensive is broken into a train wreck that makes the limelight in every paper, that is the game that is the dilemma that Gen. Paul Nakasone faces as I personally see it.

And when we see Stratfor with the one little gem we did not consider, the mere proposed fact that North Korea has a mere 9,000 IP Addresses, do you really think that they could have done this all, or are we in a setting where someone had the ability to act on BGP hijacking and was able to mask it to the level it needed to be masked at, because that was the offensive play that needed to be considered and there was no way that the evidence had been uncovered to that degree with a backdoor could be removed with a simple reset of routers.

#FourtyNinersRule


Filed under IT, Law, Media, Military, Politics, Science

Your GCC resume

Qatar remains in the news, some are looking at the $5.9 billion deal in Italian dinghies, others look at the cancelled deal to become an American Airlines stakeholder and others like me are focussing towards the GCC futures. According to the Defence minister Khalid bin Mohamed Al Attiyah this setting is not in an increasing danger. The problem is not merely the GCC in itself, it is what you will not see in many newspapers, it is the overhanging impact on OPEC. The news given by Oilprice.com is “All GCC countries depend on stability in the oil and gas markets, which is evident from the recent OPEC deal. A full-fledged confrontation will, without any doubt, put pressure on the current compliance rate of OPEC members to production cuts. Doha will be able to sabotage the current 6+3 production cut agreement between OPEC and non-OPEC members. If Doha decides to join the ranks of Iran and Iraq, OPEC’s future will be in doubt” it is at the very end of the article (at http://oilprice.com/Geopolitics/International/Clash-Between-Qatar-And-The-Saudis-Could-Threaten-OPEC-Deal.html), yet that in itself is not the bacon maker, or if pork is taboo, it is the lamb to the slaughter. When we see: “The Arab criticism may have been less harsh if U.S. officials would not have put oil on the fire. U.S. Secretary of Defense James Mattis openly warned Qatar that it should change its support of the Muslim Brotherhood. Mattis also stated that U.S. president Trump is considering classifying the Brotherhood as an international terrorist organization, which could have a very negative impact on the U.S.-Qatar economic-military cooperation in the coming months“, this reflects right back to the pressures that the American players were trying to establish through pressuring the WTO issues as written yesterday (at https://lawlordtobe.com/2017/08/02/a-big-tree-in-the-desert/). Another source (Leaprate.com) gives us the links to Iran and re-elected Hassan Rouhani.
Here we see “America’s new-found protectionist outlook and open contempt for the JCPOA, has put a question mark against its future, while Iran’s ties with Qatar, currently the subject of embargos by many neighbouring states, is a further concern for investors“, this is the part that most do not get informed about. Partially the US has a valid point as the previous president of Iran was openly waging war towards the US and against the state of Israel. The dangers as I gave them years ago, especially in the light of the nuclear treaties is not how good or how reforming the newly elected President Hassan Rouhani was, it is the issue about the next person, who will get the presidential trophy in 2021 and what happens then? This is the long term worry, most will agree that one extreme leader on the edge of insanity is good enough and keeping that person in North Korea is for now the best place.

Yet, that was not what this is about, when we consider that the JCPOA (also known as Joint Comprehensive Plan of Action), we see the given by Ali Akbar Salehi with ““After JCPOA, our oil production has soared from 1 million barrels per day to 3.9 million bpd,” IRNA quoted Salehi as saying on Sunday, two days after the two-year anniversary of the action plan. This marks a success for Iran’s oil-based economy in reclaiming its market share lost over the years of sanctions“, the issue is that this directly opposes OPEC with “All GCC countries depend on stability in the oil and gas markets, which is evident from the recent OPEC deal. A full-fledged confrontation will, without any doubt, put pressure on the current compliance rate of OPEC members to production cuts” for the UAE and Saudi Arabia that is a problem, as Iran has increased its production by nearly 3 million barrels a day, the other players have to decrease even more, which means that they are hurting well $150 million a day or we will see the pressures shift all over the Middle East, which is not good for America (or the UK for that matter), because that impacts what Saudi Arabia can buy, and the monthly $4.5 billion is partially for the hardware delivered and expected before December 2017, so as these sales paths are impacted, we will see a level of hurt all over the weapons of mass consumer requirements market.

So we have valid and greed driven concerns regarding Iran, in this the Qatar issue does not help and the play that the US is making as we see it should not be considered as a beneficial path. No matter how valid the present situation is as we see it given through the Russian Academy of Sciences, Stanislav Ivanov is giving a present truth with “The main line of Tehran’s policy is to get out of sanctions and gradually restore its economic and financial potential“, we do not deny this, yet the past decades was about setting the pressures to Iran as the western nations had to deal with extremism, in addition to the funding that Iran gave Hamas as it kept on attacking the State of Israel, there are ample issues in all this as the strategic setting before 2021 (Iranian general elections) could face the US, Israel and Western Europe with an economic revitalised Iran, which will be pushing the players back to square one if that seat will become the sitting arrangement for another Mahmoud Ahmadinejad, which is not out of the question.

When that happens, those with a GCC resume, with or without references to OPEC might wonder where their employability resides. Now, if they have been smitten with a 7 figure annual income, they might not care, yet those without that part for at least 4 years might need to scrape by, having to live on $40K a month for the rest of their lives. I can advise these people that it can be done, if they shed the 4 luxury cars (Ferrari, Lamborghini, Maserati and Bentley), give up their membership in the Yas Links Golf Club, Almouj Golf and The Majlis, Emirates Golf Club as well as their 4 bedroom apartment in Riyadh and they are already half way there. So how serious is this? Well, it is actually a lot more serious than most people realise. When we consider that the GCC is a realistic target for cyber-attacks and cyber terrorists, Raytheon is setting up technological barriers to thwart to some degree these plans. The issue is not what the presentations give, whilst we do not oppose or attack the stance that CEO Thomas Kennedy has, the quote (source: Raytheon) “It has since reinforced its cybersecurity capacity with the purchase of 14 companies. In 2015, it acquired a company called Forcepoint (previously known as Websense and Raytheon|Websense) to enhance its commercial presence. This is now the world’s second-largest privately-held cybersecurity firm. Raytheon recently secured a five-year, $1bn contract for the US Department of Homeland Security to help defend “.gov” websites from cyber-attacks. Now the goal is to bring that working knowledge to the Gulf” is merely showing a deficit in the technology. Acquisition is a partial solution to any cyber given industry, the given premise to survive is not what can be bought today, but what must be developed for tomorrow. You see the firms that have that focus tend not to be for sale in the first place.
Whilst Raytheon’s focus is very valid to catch up, it is much less a solution for those who are arming themselves for tomorrow, their own missile system department can teach them that part. It is not merely about the technology, it is the development of new systems in cloud and non-repudiation that will give the GCC and other gulf places the edge to be ahead of the cyber-attack curve. A partial issue is found with “We have one of the best data-leakage protection systems in the entire cybersecurity field, and we combine this with our insider-threat behaviour system, which detects suspicious activity and ensures IP and data is not compromised“, which might be non-false, yet the events as Sony has seen shows that the reflective comments are from a behind the wave assessment, with HBO being an example as they were hacked a few days ago. The one provider that relies on cyber security as it sells its value through Netflix is now giving Vanity Fair “When Netflix was hacked earlier this year, the cyber-criminals behind the attack demanded a ransom. But there was no such demand in the hack that struck HBO over the weekend, and the sheer amount of compromised data has led some to believe that video footage, internal documents, or e-mails could be leaked next. The premium-cable giant is working with the F.B.I. and cyber-security firm Mandiant to investigate the breach, in which hackers claimed to have stolen 1.5 terabytes’ worth of data“. This is what Raytheon is up against, not some access issue, but stopping the drain of terabytes, basically every part of the GCC removed in mere hours, whilst the cyber minders were in the dark until after the event and the quote that follows (at https://www.vanityfair.com/hollywood/2017/08/hbo-hack-seven-times-larger-sony) “A traditional business-grade D.S.L. link would take about two weeks at full blast to exfiltrate that much data,” Farsight Security C.E.O. Paul Vixie told T.H.R. 
“If not for video and sound, a corporation the size of HBO might fit [entirely] in a terabyte, including all the e-mail and spreadsheets ever written or stored.” Another expert added that the entire Library of Congress contains an estimate of 10 terabytes of print material—so it is almost certain that video and/or audio were stolen“, this directly reflects on Raytheon. It is not what we know it is what others have figured out that is the issue. Whether it was through frame leaking, through cloud replication, there are issues that remain non-secure, even as security is at the top of the salesperson’s mind. There is a need for a new designed system no longer merely on access, but on ‘bio wired’ non-repudiation that is driving the need for evolution and these sales forces have remained in denial as it is something that they cannot offer at present, so they reflect on it as being a non-solution, a non-reality. They stick to the solutions that they can sell now and that is where the GCC finds itself, the lack of visionary evolution of data systems.

So when Raytheon gives their next presentation and someone at the GCC asks “How can we assure that the Bolero electronic Bills of Lading are not stolen or corrupted?” what happens then? Will that person at GCC need to write his resume tout suite, or will his superiors realise that the question was valid and that this situation is an immediate threat to the GCC members? Because in this day and age where extremists are all about the attack on infrastructures, the Bolero Title Registry, the repository and application that manages the transfer of title of the eBL is a clear weak point. Once the recipients are scrapped and the cargo gets locked down, the ship will have two issues. The first being that the ownership cannot be transferred, you might think that this could be solved in a few days, and that would be right. The direct consequence is that the transfer of oil stop would cost an additional $578,000 in port charges, twice the amount in addition for pilots and towage fees. And as they are moved around additional costs will be incurred, that is apart from the issue that the delays bring and when a visionary does find the way to reset ownership, the delivery of 1 million barrels comes down to a nice $50 million fee, that optionally went somewhere else.

The one place where cyber security was essential is as given in indications running behind and not catching up; the only way to do that is to get ahead of it all. Now, as stated, this is not an attack on Raytheon, this is merely the direct issue on the business need to set serious cash into evolving the new systems to be ahead of the curve and be in a state where the hackers learn that it is not merely about access, the nice part of adding a new ‘language‘ to the plot is not to delay their invasion, it become to take away their comprehension of what they see (hopefully for longer than short term). You see, I have loved Cisco solutions, but they all talk the same language and their precise documentation have been a real assist on those with no-good intentions, we merely need to ask Google ‘what does a cisco frame look like?‘ and we get so much information, enough for too many to get to the heart of the matter and in the early stages of the internet that was a really good thing, we need to move beyond certain settings and push towards dedicated systems that have additional layers of protection, now that might be a mere delay, yet consider what is being protected. How willing are you to keep data safe? Not merely oil data of ownership, in the age of Netflix whilst hackers are streaming the episodes by the dozen, depriving places like Sony and HBO from valid revenue, revenue they invested in, the game needs to be changed. We have seen the uselessness of some governments as they were facilitating towards the communication sellers on bandwidth; we need to change the game regardless of those players. One way to do that is remove their existence to impact. Google did that to some extent, but not to the extent needed. As we realise that providers are 15 dimes to the dollar, we need to set a different scope, not merely in the cloud, but in the need for dedicated non-repudiation. Only then can we make a first effort to push the boundary towards a safer zone. 
And perhaps Raytheon will bring that to the table, the fact is that we do not know the player that delivers the need of tomorrow today, we merely know that it will not be Beaker bringing it (a Muppet Show reference). In this the ‘evidence’ can be seen when we realise that Raytheon gives us John D Harris II and his view on how forward thinking Talon laser guided rockets are. Yes John this was really the need for Cyber safety! As we consider the issue beyond point-to-point communication. In addition the $100m development program reads sexy for your bonus, yet the issue is data, both at rest and in transit. There are the issues, not in the rocket man shooting by a member of the UAE air force. So as we moved from certain parts of the GCC, via Iran to other providers, we need to see and comprehend that there are several players, all with their own agenda, a perfectly sound and valid situation, yet when we see that stability is centre in all this, destabilisation will impact both the GCC members, the OPEC members and when the overlap is shown (those in both), we need to realise that Iran and Iraq will not care about the needs of the GCC, they are not part of that, which ties hands of the six GCC players and in that Qatar is the centre of the seesaw that the 6 members prefer to have in some level of balance, yet the issues as we are seeing them escalate will impact all the given needs for all the players having their ‘own’ needs to satisfy. None of that is likely to happen any day soon. We could see the US and both their needs towards JCPOA and the WTO as an opposing issue, one that is not beneficial to the GCC or the Qatar issues as they are playing. I cannot say what the GCC members should do next, but it seems to me resolving some parts and creating a new initial balance is the best way forward. This gets me back to the question phrase yesterday. If each of the 4 members could phrase one issue to resolve by Qatar, what would that be? 
If Qatar can get the conversation started on that, as merely a first show of good will, yet from my point of view, if they promise to have a good look at Al-Jazeera and do some immediate reforms there as a first step of good will towards the four opposing parties, it might just be enough to reduce tensions and give time for non-escalations to settle and as such forward momentum in resolving issues will be found. In my view it would leave Qatar in a much better view by all other players and global non players. It will open the doors and perhaps that is a good beginning, merely a good beginning, but more than we have now.

And none of this, none of my views were set to painting any of the players as the bad people, merely a path to find the track towards profit and growth, profit for all the players and economic growth for all of them. In all this the one question that is forming in my mind is that Oman has been the one GCC member that is outside of the equation to some extent, could they be a mediating party in all this? I actually do not know the answer; I am merely voicing the question that I have not seen in the news. You see when you realise that Crown Prince Mohammed bin Salman has been the driving force behind Vision 2030, the economic diversification strategy. Is that something that a nation like Oman could see benefits in, when we consider diversification, when we realise that this impacts range of products as well as field of operation. Would it not be interesting how this view could be beneficial to the Middle East as a whole? In all this, as the driving force surpasses boundaries, is that not a field of economic diplomacy to see it grow? To push forward momentum is to find a place and subject of discussion, in my view it would be to find a topic many can agree on, a topic that is always a hard sell in most occasions and it seems to me that oil dependency is always a good option for those realising that it is the only thing they offer, by adding more options, any nation connected is merely opening paths to more stability and more opportunities, especially when these paths can be sold to nations seeking more than oil, which is close to every nation on the planet. Finding a place of stable growth is the best product any player is ever likely to sell. In this stability is a lot more sexy than quick gain, especially on Wall Street and they are having too often too much to say on that matter. As we need a different language in the cyber world, it is clear that outside of that world a common language is the only solution.
The question becomes what language and how to start the conversation, even those setting up their GCC resume right now. That is a fact as it is a resume that they want everyone to read, a comprehensible common ground is the first step in this.


Filed under Finance, IT, Media, Military, Politics, Science

What news is news?

There are several pieces, not just in the Guardian, the BBC, the Independent or the Times. They all tell us that they have news, but do they have any actual news? The Guardian shows us a tech article (in the Tech section) called: ‘the node pole: inside Facebook’s Swedish hub near the Arctic Circle‘, all innocent news, one could surmise that it is just a space filler. Or was it done to give extra view to the article ‘Facebook is making more and more money from you. Should you be paid for it?‘, or perhaps to give extra light to ‘Facebook case may force European firms to change data storage practices‘, which I gave my views on in my previous blog. You decide!

In the business section we see VW to get some centre stage, which makes perfect sense and that is just the Guardian. The Independent also has a go at Facebook, but now has a go at its users, well, actually it is not the Independent, but the employee tribunal. Now the article shows all kind of signs of bullying, which is never OK and in that regard Rachael Roberts has a real case, but in light of the events, Mrs Bird does not seem to be a friend of Mrs Roberts, so why is the act of unfriending on Facebook the killer? Yet it is the quote “But employment lawyer Josh Bornstein told ABC news the unfriending incident was found to be workplace bullying in the context of several other issues“, which baffles me, if they are not friends, one or the other could unfriend the other party, that part seems clear cut to me, not bullying. So out of the 18 allegations of bullying in total, the unfriending in Facebook took the cake? It does not add up to me!

In addition we see two whole articles on Facebook being down and oh yes, the new iPhone is for sale! Let’s not forget the fact that the iPhone now allows for sextracking. So, parents buy your boy or girl one of these bad boys so you can find new ways on how you are about to become a grandparent! Really? You need to keep scores on your phone now? Didn’t Ashley Madison teach you anything regarding sex that is on the internet, everyone will know soon thereafter?

Finally they also gave visibility to ‘Hospital apologises for removing RAF sergeant from A&E because uniform could ‘upset’ patients‘, which is a can of worms in its own right. In that light I expect the NHS to move all drug and binge drink casualties to their basement as not to invoke bad thoughts from the Presbyterian community. How insane was the idea to move a wounded RAF sergeant in the first place!

All these events, some are actually news, but no one seems to have any balls. No one is looking at Pricewaterhouse Coopers. Which of course ties in nicely with the words of the Dalai Lama ‘Dalai Lama on Britain’s policy towards China: ‘Where is morality?’’, the answer might not be such a high moral one, it goes a little like “Who is willing to suck the smallest extremity for the good of one’s career?”

To some extent we can accept that the SFO is silent, only to the smallest extent. You see Tesco is dealing with a write-off of £6.4bn, which of course is massive. We have seen all the news on how some former Tesco entities are getting grilled (as they should) but the press on many levels in many nations keep on rehashing the old news and no one is digging into PwC. No one is digging there. Does that not sound awfully weird? Yet here is the kicker, we see more and more messages like ‘Multinational tax avoiders targeted’, with quotes like “while the American Chamber of Commerce in Australia warned about throwing up new hurdles in what is already a high-cost economy. The chamber’s board includes representatives from ConocoPhillips, GE, Boeing, PwC and Exxon Mobile“, yes it seems it is never a good time to go after tax avoiders (not to mention the impact it has on the bonus benefits for those working in that part of the financial branch).

Before you whisk this away as mere banter (which you are of course allowed to do), take a look at this article that is a little over a week old. It is from the Wall Street Journal, which I do not look into too often. The article (at http://blogs.wsj.com/cio/2015/09/15/the-morning-download-identity-theft-key-to-attack-on-cisco-routers/) called ‘The Morning Download: Identity Theft Key to Attack on Cisco Routers‘, starts with: “Good morning. The international attacks on Cisco Systems Inc. routers, disclosed earlier today by security firm FireEye Inc.’s Mandiant unit, began with the theft of legitimate network credentials. Securing and managing the identity of network users continues to be a massive challenge for CIOs and CISOs and ultimately, the CEO and the board. The attacks have been named ‘SYNful’ because of how the malicious software moves across routers using their syndication functions. “Cisco said SYNful did not take advantage of any vulnerability in its own software. Instead it stole valid network administration credentials from organizations targeted in the attacks or by gaining physical access to their routers,” Reuters reports today. Mandiant said in a blog post that it had found 14 instances of router implants, which replace Cisco’s operating system”.

Now, to complement that statement, I will add the following. On June 5th (more than 3 months before the WSJ article), I wrote ‘In reference to the router‘ (at https://lawlordtobe.com/2015/06/05/in-reference-to-the-router/), here I stated: “Soon thereafter no more firewall, no more routers, just the bliss of cloud servers and data, so much data!“, which reflected on the article I wrote on February 8th (more than 7 months before the WSJ), there I wrote “I think that ‘hackers’ have created a new level (as I mentioned before). I think that Cisco IOS was invisibly patched“, (at https://lawlordtobe.com/2015/02/08/the-next-cyber-wave/). I was literally accused by some of being insane, there was no way that this would EVER happen. Now we see in the Wall Street Journal: “Mandiant said in a blog post that it had found 14 instances of router implants, which replace Cisco’s operating system“, interesting how I am now proven correct. Are the members of the Baboon family (usually found in the FBI) reconsidering their North-Korean option? Let’s face it, this took top level skills, we can (as I pointed out in the past) find those boffins in the US, UK, FR, the FSB and Chinese Intelligence, however in North Korea not that much!

The Reuters article shows a lot more (at http://www.reuters.com/article/2015/09/16/us-cybersecurity-routers-cisco-systems-idUSKCN0RF0N420150916), however, they are just rehashing something I have stated for almost a year, the quote ““That feat is only able to be obtained by a handful of nation-state actors,” DeWalt said, while declining to name which countries he suspected might be behind the Cisco router attacks” adds to my view that I was correct all along (finally another ‘I told you so!’ opportunity). The only difference is that DeWalt includes Israel, I have no real quality data on the Israeli cyber capabilities, so I am willing to give him that one. Finally we should consider the quote “Infected hardware devices include Cisco routers 1841, 2811 and 3825“, which is fair enough, yet in my article I offer the option that the CF unit found in nearly EVERY router could also open doors, so the danger could in theory go far beyond those three routers.

I also stated that my thoughts were based on sound speculation. You might wonder what sound speculation is. Basically, it means that even as I might not have the skills to program, I do understand that my solution is viable, the fact that routers are getting programmed with a new OS is clear evidence of that. In addition, it also gives weight to two infestation systems I speculated on as well as the weakness that those believing in the cloud are not realising at present. I was willing to look beyond the veil, a side everyone ignored. Yet the fact that a router can be reprogrammed to the extent it was also clearly means that data in motion is no longer safe, which means that pretty much any cloud data can be gotten to, the user only has to access the file to make that happen.

I even had a thought on dealing with the Iranian glow in the dark power plants when the time is there, just by thinking out of the box. It does involve a Piranha valve (which actually already exists in name, but mine is so much cooler). None of this is newsworthy, speculative opinion one might state. Yet in my speculation, I have shown solutions to be real on several occasions and in addition to that I also clearly outlined long before the press decided to show the minimalistic amount of balls (read testicles), that a look into Pricewaterhouse Coopers was essential. It seems that apart from a December 2014 message from the SFO (rehashed by nearly all papers) not much happened, apart from that news, the press at large stayed clear of mentioning PwC and Tesco in one sentence. Is that not utterly weird?

Of course the luggage of someone’s mum in Tenerife (shipping at £122) gets front seat exposure, yet, the issue on £6.4bn getting lost due to assistance (better stated too weak opposition) by Pricewaterhouse Coopers seems too trivial to keep pressure on. Way to go Consumer Champions, Money! I actually mean that! They did do a good job and they have done so in the past, yet I fear that a letter by Dave Lewis on how his firm lost £6.4bn as the keeper of his books was not prudent, or is that tenacious enough to ring that bell very loudly when things looked too odd. Will Consumer Champions find that money? Will they write “Pricewaterhouse Coopers must accept responsibility for the signing off on books as the “accountant”?” Consumer Champions might not get this done, which is fair enough. It should not be on their plate, but the parties this should be very visible on are also not doing anything as far as we can tell, they remain silent, they remain this silent after 9 months.

Yet in all this there is one part both the Guardian and the Independent are getting right. It is the news on the NHS, there are massive problems and knowing them all is essential in finding a solution. In this matter the press has played a good role. In my view exposing former and current politicians a little more on the political game they play, so that we all understand that a proper solution is needed and taking the politicians out of that equation might not be the worst idea, the end result stays the same, the NHS is now too close on the edge of collapse to be acceptable, yet where lies the solution? Although I understand the issue the Independent shows, I partially disagree. The headline ‘New NHS junior doctor contract would discriminate against women, senior medics warn‘ is not incorrect (at http://www.independent.co.uk/life-style/health-and-families/health-news/new-nhs-junior-doctor-contract-would-discriminate-against-women-senior-medics-warn-10516885.html), yet in all fairness, the quote “Under the new contract, trainees who decide to work part-time would see their pay increase more slowly than their colleagues” is a can of worms! Why would my co-worker doing 32 hours get the same raise as myself working 60 hours? (Remember, I am not a doctor). A choice was made! Yet, there is a level of fairness here too. Which means that to tackle it should be done in another way. Even as there is a shortage, the burnout of physicians is a known issue and making a maximum of 40 hours a week a mandatory status could be close to the only solution. Perhaps we have been too indulged, perhaps some options should only be there during the week. Perhaps the change to healthcare is essential (like hiring 40% more staff), but we also accept that at current not one government remains to afford that change (well perhaps Easter Island where there are less than 10 doctors). In the end the system has been ignored for too long. 
Too many politicians are on the ‘let’s get the computers up and running‘ whilst they know that staff will remain a problem for a long time.

That is news! That is what matters, but too many papers and too many news broadcasts are about the emotions and not the actual news that matters. That might be an incorrect view and a very biased view. It might be that some news is more important than other news parts, I will instantly agree, yet in all that the complete silence from pretty much all the papers regarding Tesco and some involved book keeping parties remains a mystery to me, how is that part not news? We will see more events that will not get the proper light in newspapers, both in paper as well as online, I’ll let you decide how that measurement applies to an involved party to events that started a £6.4bn downgrade.


Slander versus Speculation

There is a lot wrong in this world, we cannot disagree with that. Soon we might see rental prices go down in London, because of Superman (the New Ecstasy), yay to those needing an apartment, being free of drugs was never so nicely rewarded! So is this speculation, or slander?

We could debate my sense of taste (many have for decades), yet on firm juridical ground, when can speculation be regarded as slander?

That part is more and more a question when we consider the US sanctions against North Korea. Oh, and perhaps we forgot to mention that Sony is a Japanese firm (even though the crime was on US soil), giving additional spotlights to the reasoning of certain actions. Consider the following sources. First let’s take the BBC (at http://www.bbc.com/news/world-us-canada-30661973). Here we see sanctions against organisations and individuals. First there is “Jang Song Chol: Named by the US Treasury as a Komid representative in Russia and a government official“, then there is “Kim Yong Chol: An official of the North Korean government, according to the US, and a Komid representative in Iran” and last there is “Ryu Jin and Kang Ryong: Komid officials and members of the North Korean government who are operating in Syria, according to the US“. Now the article ends with the most hilarious of all quotes “White House officials told reporters the move was in response to the Sony hack, but the targets of the sanctions were not directly involved“.

So the White House is within this part confessing to the breach where they are targeting innocent civilians (of that crime at least)? Can anyone explain to me how this is anything less than legalised slander? Consider that if (not when, but if) they ever figure out who exactly was responsible for the Sony hack (the actual individuals involved), how the US government could be held responsible in any court of law for this. Consider this part (source was the APA of all places, at http://www.apa.org/about/gr/issues/violence/hate-crimes-faq.pdf). “Current federal law defines hate crimes as any felony or crime of violence that manifests prejudice based on “race, colour, religion, or national origin” (18 U.S.C. §245). Hate crimes can be understood as criminal conduct motivated in whole or in part by a negative opinion or attitude toward a group of persons. Hate crimes involve a specific aspect of the victim’s identity (e.g., race)“. If we clinically look at the facts, then these acts are a hate crime against North Korea.

Now, let’s be fair as well. Most will not care, I reckon that the North Koreans might not even care, but this act does remain a legal transgression!

Let me show you why (because without reason, there is nothing), part one is found in yesterday’s news in the Guardian (at http://www.theguardian.com/technology/2015/jan/02/sony-hackers-may-still-access-computer-systems-the-interview).

Here we see the following parts:

  1. Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says

So not only has the hack occurred, it is very possible that the transgression and the damage is currently still ongoing, in addition, one of the most watched and scrutinised nations is still accessing Sony? Not one press agency is asking the questions that matter. For example, there was some visible Press Tour into North Korea (must have been around when Kim Jong-Un was elected big boss in 2011), when we saw some of the filmed events there, we saw North Korean officials in total disbelief that a smartphone could take photographs and these people walked over Sony’s cyber security?

Now we get to the Chief Executive of Sony himself, his quote gets us the following:

  1. “It took me 24 or 36 hours to fully understand that this was not something we were going to be able to recover from in the next week or two,” Lynton told the Wall Street Journal

So this was not a mere grab for data, this is a system paralysis of sizeable renown, the hack was so complete, high paid executives could not get their minds around the events. So, are we still looking at North Korea? Basically this requires an evolved form of ‘stuxnet’, the hack was seemingly more complete than the stuxnet virus could achieve. We now have only three players left. Russia, China and whatever hacking organisation walks around within the US and its allied nations. How is North Korea anything else but a mere puppet for slander? Whilst some people are possibly hiding their lack of skills, and likely other people linked to all this are trying to cover up issues that have been ignored ever since the first hack of 2011 (the Sony PSN hack). By the way, I am using stuxnet as a comparison, I have zero knowledge how the transgression was done, but we can all agree it was way beyond a normal level of sophistication.

Yes there is another scenario and I will get to that soon, North Korea is not off the hook yet!

You see we have been looking at the event, but not at the capital involvement that is two tiered at present.

  1. “Sony’s network is expected to be fully operational within the next two months but hackers have so far released only a tiny fraction of the 100 terabytes of data they claim to have stolen“, so not only will it take months to repair security measures, the fact that the new fences are there are still no guarantee that the data remains safe.

Which gets us to the first tier. Data! Someone streamed 100 Tb, which is more than just a number; it would require every PlayStation 3 on the planet to download up to 2Mb. The fact that this is not monitored, or that it got through to this extent, is a first view that this was no mere trifle event. And even though 100,000 Gigabytes seems small when compared to the PSN issues, it becomes interesting when we consider that the PSN had been hit more than once, but as those members did not all download, where did all this data get syphoned to?

Now we get to the one part that might be regarded as tier two. You see, it is not just the amount taken, which takes a good server park to store, it goes back to issues I discussed in regards to piracy and the parts I mentioned in my blog ‘For our spies only!‘ on September 26th 2014. There I stated “in the end this is NOT about copyright, this is about bandwidth“, the big players all knew it and they were all very concerned if such events would start to get measured and logged. Now someone casually walked away with 100,000 gigabytes of data?

Before I restate, it was not North Korea, let us take a look at another article by the Guardian in that regard. The title is ‘North Korea may have hired outside hackers for Sony attack, says US‘ (at http://www.theguardian.com/world/2014/dec/30/north-korea-hackers-sony-pictures-cyber-attack) and it was written on December 30th. Now we must consider the following: “US investigators believe that North Korea most likely hired hackers from outside the country to help with last month’s cyber-attack against Sony Pictures, an official close to the investigation has said“. The operative word is ‘believe‘, they just do not know. As a speculation that would be my guess as North Korea does not have the skill needed for this, not even close. By the way, those hackers might want to get paid, how will North Korea do that, or perhaps that is beyond US oversight too, because it would be a sizeable amount for something this complete.

The next part is the part that opens the discussion ““The FBI has concluded the government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment,” it said in a statement“. The first question: What evidence?  As stated before, North Korea is lacking in many ways, the fact that they hacked past Sony to this extent, whilst at present no guarantee can be given that the systems are secure at all, whilst North Korea has been watched 24:7 for a long time now gives rise to the demand of evidence showing the guilt of North Korea. So, they are seemingly better than the cyber divisions of both Russia and China? I am not buying it, in addition, the fact that the article implies that outside help was engaged for a hack this thorough leaves us with two thoughts.

  1. If true, where is the real balance of power in cyberspace, because this now implies that North Korea is a real player, even though everyone (including people a lot more intelligent than me) has concurred that North Korea does not count when it comes to the internet and cyberspace.
  2. If false, what incompetence is the US hiding from us all and is that not the true crime?

Consider this quote (from the Guardian article too): “Some private security experts have begun to question whether Pyongyang was behind the Sony cyber-attack at all. The consulting firm Taia Global said the results of a linguistic analysis of communications from the suspected hackers suggested they were more likely to come from Russia than North Korea. The cyber security firm Norse said it suspected a Sony insider might have helped launch the attack”.

I cannot disagree with Taia Global, as this could be Russia hitting back at US sanctions, but that would be speculation on my side, I also very much agree with Norse. Consider that if someone walks into a bank vault and it is empty. There was no sign of break in, the doors were not forced. At this point the police and the FBI will initially look at ‘the insider’ plot. It makes perfect sense. To get past the Sony server parks to this degree someone was giving aid in some way. Initial passwords, the network structure, because if that was not the case there would be a lot more logging evidence to give a clear view whether North Korea was guilty (or not involved).

Mark Rasch hits the nail on the head with this quote ““I think the government acted prematurely in announcing unequivocally that it was North Korea before the investigation was complete,” said Mark Rasch, a former federal cybercrime prosecutor. “There are many theories about who did it and how they did it. The government has to be pursuing all of them.”” There is the crux, the mention of theories on who did it. Even if it is outside help, Russia would still make more sense, the Russian Mafia could be the front for cashing in on selling the data, they pay commission to the people ‘hurt’ through US sanctions, they are looking at the least likely suspect because of a comedy, one that I (and many others) had not even heard of before these events.

It is the last quote that is food for thought from Kevin Mandia of Mandiant “Mandia, who has supervised investigations into some of the world’s biggest cyber-attacks, said the Sony case was unprecedented. “Nobody expected when somebody breaks in to absolutely destroy all your data, or try to anyway, and that’s just something that no one else has seen,” he said”.

That part is not entirely true, I remember the DBase virus of 1988, I remember some people who had fallen victim to them, a garble parser that does not show until the virus is removed, it leaves your data garbled from that point forward. There was also a data virus in the 80’s. I forgot the specifics, but whilst most viruses would attack ‘.com’ and ‘.exe’ files, this one would attack data files, until that day a truly scary moment. So, it is not entirely unprecedented. Consider, if you copy someone’s data, the best sale is to sell it to the competitors, yet, what happens if the owner no longer has that data, does that not drive up the price? Yet, it is bad tactics, to copy in secret and resell it all makes perfect sense, the fact that these events happened, whilst Sony IT, the Cyber divisions of the FBI and others are not able to track the events is something very novel. It is a first to this degree, do you now understand why it makes no sense to accuse the one nation where we see this as their highlight: “Aug 6, 2013 – North Koreans hungry for tech skills are buying up used desktops on the black market, these desktops smuggled in from China have become a much sought-after item in North Korea“, this is the nation that thwarted one of the biggest cyber power players?

People please wake up. The question becomes what was real? I call my version insightful speculation. I have been involved in IT since the 80’s, this level of hacking requires serious system skills with in-depth knowledge of all layer one components (hardware layer), if we ignore the inside job part, this takes North Korea out of the loop, it also removes a massive amount of hackers off the table too. It requires the skills we would expect to see from people at the NSA and other high tiered cyber firms. From these facts I come to three options:

  1. The hackers are a new level of hacker with the ability to get past the security of nearly any large firm and government data system.
  2. Sony has been criminally negligent and the US is willing to ‘aid’ this Japanese firm for a price.
  3. A simple inside job (possibly even a disgruntled employee) with links to organised crime.

Please feel free to give me a valid fourth alternative.
