Tag Archives: North-Korea

In light of the evidence

We tend to accept facts and given situations whenever we have a reliable source and a decent level of evidence. The interesting side is that howling to the moon like a group of sheep hoping the lone wolf will not hear them is an equally weird revelation. The question becomes at that point, who is the lone wolf and who are the sheep, because neither position nor identity is a given. Now, for the first art, we have the Guardian article (at https://www.theguardian.com/politics/2017/may/27/eu-theresa-may-combat-terror-brexit-europol), with the expected title ‘We need deal with the EU to combat terror, experts tell Theresa May‘, which of course gets them the DGSE, yet the usefulness of the rest becomes a bit of an issue. For this part we need to look somewhere else, and we will do that after the given quote in the mentioned article “Although our partnership with the US for intelligence sharing is extremely important, the fact is that the current terrorist threat is very much a European dimension issue. The Schengen database and knowing about who has moved where are all intimately dependent on European systems and we have got to try to remain in them“. This could be a valid and valued statement, yet is that truly the case? For this we need to take a little gander to another place of intelligence and Intel interest. The Cyber monkeys, or is that the cyber-mercenaries? The difference is merely a moment when you WannaCry 1.4. You will have heard, or perhaps read regarding the NHS as it was struck, here again we see: “However, it instead appears to be down to organisations and individuals failing to run keep Windows up to date“, which was actually voiced by NHS Digital, the failure of policies as they were not adhered to by IT staff, or at least those responsible for keeping those PC’s up to date with patches. The second quote given much earlier in the IT article is ““To be abundantly clear, the recent speculation concerning WannaCry attributes the malware to the Lazarus Group, not to North Korea, and even those connections are premature and not wholly convincing,” wrote James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT)“, which is where I have been all along. The one nation that has less computer and internet innovation than a Nintendo GameCube sets this level of hardship? It is just too whack for thought. It is the quote “At best, WannaCry either borrowed heavily from outdated Lazarus code and failed to change elements, such as calls to C2 servers, or WannaCry was a side campaign of a minuscule subcontractor or group within the massive cybercriminal Lazarus APT” that changes the game. In addition we see: “The publication referred to “digital crumbs” that the cyber security firm had traced to previous attacks widely attributed to North Korea, like the Sony Pictures hack in late 2014″, we will exclude the quote “Shadow health secretary Jon Ashworth has said Labour would invest an extra £5 billion into new IT infrastructure for the NHS, after hospitals and services were affected by the widespread Ransomware attack on Friday“, especially as Labour had in the previous government wasted £11.2 billion on an IT system that never worked, so keeping them away from it all seems to be an essential first.

The issue is now in several phases. Who got hit (those not updating their systems). It affected according to some sources thousands of systems, yet when it comes to backtracking to a point of origin, the Cyber Intelligence groups remain unclear. The IT article (at http://www.itpro.co.uk/security/28648/nhs-ransomware-north-korea-may-not-be-behind-wannacry), gives us a few things, yet the clear reference to the Guardians of Peace, the identity the hackers had given themselves in the Sony event gives a few additional worries. Either this is clearly a mercenary group without identity, or we have a common new issue on identity when it comes to Cyber criminals. You see, as we see more and more proclaiming the links between the Lazarus group and North Korea, we do not get to see a clear link of evidence. Many sources give us ‘could be linked‘, or ‘highly likely‘, which is an issue. It makes the evidence too shallow and circumstantial. The NY Times gives us (at https://www.nytimes.com/2017/05/22/technology/north-korea-ransomware-attack.html) yet they are basically stating what Symantec game us and mention that. My issue here is “But the hackers left behind a trail of digital crumbs that Mr Chien and his colleagues had traced to previous attacks by the Lazarus Group“, what if the crumbs were an intentional side? You see, the quote “another group of hackers that call themselves the Shadow Brokers published the details of National Security Agency hacking tools that the WannaCry hackers were able to use to add muscle to their attacks” give a different light. The fact that there is a team reengineering tools and flaws to get somewhere fast is one. We have seen the lack of actual cyberpower of North Korea in the past, the fact that they are regarded on the same level as Chinese Cyber forces is a bit silly. You see, any country has its own level of savants, yet the fact that North Korea, a nation as isolated as it is, gets to be on par with China, an actual superpower that has Cyber infrastructures, experts at the University of Shanghai (the white paper on cracking AES-256, 2001), as well as a growing IT technology base is just a little too whack.

This now reflects back to the European need of Schengen. The UK needs quality intelligence and with the US breaches of Manchester, the fact that no high quality evidence was ever given regarding the Sony Hack, the growing source of all kinds of hacker names and no validity or confirmable way to identify these groups leaves us with a mess that pretty much anyone could have done this. In light of the NSA flaw finders, there is now more evidence in the open giving the speculative hacker as one with skills that equal and surpass people graduating with high honours at MIT, than anything North Korea could produce. It does not put North Korea in the clear (well the fact that the generals there had no comprehension of a smartphone should be regarded as such), and as we see the entire Bitcoin go forward, we need to take more critical looks at the given evidence and who is giving that evidence. We all agree that places like Symantec and Kaspersky should be highly regarded, yet I get the feeling that their own interns know more about hacking then the sum of the population of all North Koreans do, which is saying a lot. We see supportive evidence in the Business Insider (at http://www.businessinsider.com/wannacry-ransomware-attack-oddities-2017-5). Here we see IBM with “IBM Security’s Caleb Barlow, researchers are still unsure exactly how the malware spread in the first place. Most cybersecurity companies have blamed phishing emails — messages containing malicious attachments or links to files — that download the ransomware. That’s how most ransomware finds its way onto victims’ computers. The problem in the WannaCry case is that despite digging through the company’s database of more than 1 billion emails dating back to March 1, Barlow’s team could find none linked to the attack“, one billion emails! That is what we call actual evidence and here IBM is claiming that the issue of HOW the malware spread remains a mystery. Now, can you see that the entire North Korean issue is out of touch with the reality of Common Cyber Sense and Actual Cyber Security? Two elements, both are essential in all this. It is the lack of actual evidence that seems to be the issue, giving us the question, who wants the North Korea issue propagated? Any answer here is more likely to be political than anything else, which now gives us additional questions on where for Pete’s sake the need of European Intelligence remains as they fall short of providing answers. In light of the Schengen database. Why would that not be shared? If the US has access as a non-European, non-EC nation, why would the UK, a clear European nation be barred from access? With all the flawed acts by the US, having actual professionals look at Schengen data, seems to be an elemental first, would you not agree?

An additional question would be on how these Bitcoins would be cashed, it is not like an isolated nation like North Korea ever had a flying business in Bitcoins in the first place. It is actually (yes, I am shocked too), that quality information comes from PwC. In this case Marin Ivezic, a cyber-security partner. He gives us “EternalBlue (the hacking tool) has now demonstrated the ROI (return on investment) of the right sort of worm and this will become the focus of research for cybercriminals“, which would be a clear focus for veteran cyber criminals, yet the entire re-engineering foundation gives another slice of circumstantial evidence that moves us actually away from North Korea. So in this we have two elements. As the FBI and CIA have been all about pointing towards North Korea, the question becomes, where do they not want us to look and whatever else do they not have a handle on? These points are essential because we are shown an elemental flaw in Intelligence. When the source is no longer reliable, why would they be around in the first place? We can agree that governments do not have the goods on Cyber criminals, because getting anything of decent value, tends to require inside knowledge, which is the hardest to get in any case, especially with a group as paranoid as cyber criminals. The second side is that China and Russia were on the list as one of the few abled parties to get through Sony, yet Russia has fallen of the map completely in the last case, that whilst they are actually strengthening ties with North Korea. That does not make them guilty, yet on the sale required Russia was one of the few with such levels of Cyber skills. The fact that we see in the NY Times that it is too early to blame North Korea is equally some evidence, it gives vision to the fact that there are too many unknowns and when IBM cannot give view of any mail that propagated the worm, gives additional consideration that there are other places who cannot claim or show correctly how the worm got started, which is now an additional concern for anyone altering the work for additional harm. As the point of infection is not known, stopping the infection becomes increasingly difficult, any GP can tell you that side of the virus. There is one more side I would like to raise. This comes from a source (at http://securityaffairs.co/wordpress/59458/breaking-news/wannacry-linguistic-analysis.html), it is not a journalistic source, or a verified source, so please take consideration that this news could be correct. It is however compelling. The quote ““The text uses certain terms that further narrow down a geographic location. One term, “礼拜” for “week,” is more common in South China, Hong Kong, Taiwan, or Singapore. The other “杀毒软件” for “anti-virus” is more common in the Chinese mainland.” Continues the analysis “Perhaps most compelling, the Chinese note contains substantial content not present in any other version of the note, is lengthier, and differs slightly in format.” The English note of the ransomware appears well written, but it contains a major grammar mistake that suggests its author is either not a native speaker or possibly someone poorly educated“, that would make sense, yet how was that source acquired?

The second quote: ““Given these facts, it is possible that Chinese is the author(s)’ native tongue, though other languages cannot be ruled out,” Flashpoint concluded. “It is also possible that the malware author(s)’ intentionally used a machine translation of their native tongue to mask their identity. It is worth noting that characteristics marking the Chinese note as authentic are subtle. It is thus possible, though unlikely, that they were intentionally included to mislead.” The Flashpoint analysis suggests attackers may have used the Lazarus code as a false flag to deceive investigators, a second scenario sees North Korean APT recruiting freelance Chinese hackers to conduct the campaign” gives us a few elements, the element of misdirection, which I had noted on from other sources and the element that North Korea is still a consideration, yet only if this comes from a freelance hacker, or someone trying to get into the good graces of Pyongyang, both options are not out of the question as the lack of Cyber skills in North Korea is a little too well set from all kinds of sources. The writer Pierluigi Paganini is a Cyber professional. Now even as Symantec’s Eric Chien is from California, did they not have access to this part and did no one else correctly pick up on this? As I stated, I cannot vouch for the original source, but as I had questions before, I have a few additional questions now. So, exactly how needed is European Intelligence for the UK? I think that data should be shared within reason. The question becomes, how is Schengen data not shared between governments? The Guardian gives us “After the Manchester attack, which killed 22 people and left dozens of others grievously injured, it was revealed that suicide bomber Salman Abedi had travelled back to England from Libya via Turkey and Dusseldorf four days before the attack“, so how reliable is Turkish intelligence in the first place? How could he have prepared the bomb and get the ingredients in 4 days? There is an additional view on ISIS support active in the UK, yet as we now see that this drew attention to him, why on earth was the trip made? Also, was Libya or Mecca the starting point (source: claim from the father in earlier Guardian article)? How would sharing have resolved this?

Now look at this in light of the US leaks and the Cyber Intelligence of a dubious nature. There is a growing concern that the larger players NSA, DGSE, GCHQ have flaws of their own to deal with. As they are relying more and more on industry experts, whilst there is a lack of clear communication and reliable intelligence from such sources, the thoughts now become that the foundation of fighting terror is created by having a quality intelligence system that recognises the need for Cyber expertise is becoming an increasing issue for the intelligence branch. Should you wonder than, then reconsider the quote: ‘demonstrated the ROI (return on investment) of the right sort of worm and this will become the focus of research for cybercriminals‘, if you think that cyber jihadists are not considering the chaos that they could create with this, then think again.  They will use any tool to create chaos and to inflict financial and structural damage. They might not have the skills, yet if there is any reliable truth to the fact that the Lazarus group is in fact a mercenary outfit, there would be enough critical danger that they will seek each other out, that is providing that ISIS could bring cash to that table. I have no way of telling how reliable or how certain such a union could be. What is a known is that Sir Hugh Orde is not answering questions, he is creating them, as I personally see it. The quote “UK membership of EU bodies such as Europol and Eurojust, which brokers judicial co-operation in criminal cases, not only allowed access to huge amounts of vital data, but also meant UK police could set up joint inquiries with German police or those from other national forces without delay“. You see, the UK remains part of Europe and Interpol existed before the EC, so as we now see the virtual creation of red tape, the question becomes why the EU has changed rules and regulations to the degree that the UK would fall out of the boat. Is it not weird that the EU is now showing to be an organisation of exclusion? Even if we laugh on the ridiculous promises that Corbyn is making, just to be counted shows that there is a larger problem in place. Why is there suddenly a need for 1,000 more intelligence staff? Can we not see that the current situation is causing more issues then resolve them? As such, is throwing money and staff on a non-viable situation nothing less than creating additional worries?

The last part is seen in “The Schengen database and knowing about who has moved where are all intimately dependent on European systems and we have got to try to remain in them“, yet this does require all players to enter the data accurately, in addition, that only applies to people entering Schengen, yet as has been shown in the past, after that getting locations on people is becoming an increasingly difficult problem. The fact that after the Paris attacks, some people of interest were found to be in Belgium is one side, the fact that these people could have met up with all kinds of contacts on the road is another entirely. The truth is that the intelligence branch has no way of keeping track in such details. In addition we have seen that the list of people of interest is growing way beyond normal means and organising such data streams and finding new ways not just to find the guilty, but to decrease the list by excluding the innocent is growing in complexity on a nearly daily basis. And that is before the cyber mess is added to the cauldron of nutrition. There is at least a small upside, as the technology stream will soon be more and more about non-repudiation, there will be additional sources of information that adds the branches by pruning the list of people of interest. The extent of pruning is not a given and time will tell how this is resolved.

It all affects the evidence that the parties hold and how it is applied, it remains a matter of time and the proper application of intelligence.

 

Leave a comment

Filed under Finance, IT, Law, Media, Military, Politics, Science

Where to focus?

This is an issue on the best of days, we are overwhelmed with information, real news, fake news and of course the Direct marketing waves that hit our internet eyes nearly 24:7. The internet is no longer some child, it is a grown adult and adults tend to lack a certain sense of humour, well the adult eyes of the beholder that is. Yet, what matters to us? When we move beyond the job that feeds you, the partner that … you and the family that gives you (usually) strength. When these things are dealt with, what matters next?

The fearful will look at North Korea, on how they are a threat and when we look at the Washington Post, a very respectable paper we see (at https://www.washingtonpost.com/opinions/the-north-korean-nuclear-threat-is-very-real-time-to-start-treating-it-that-way/2017/05/18/d60cbeec-39a4-11e7-8854-21f359183e8c_story.html) on how the threat is real. Even as we saw two failed launches, and in addition, we have yet to see anything from North Korea to get any missile that far (reaching the US), that an opinion piece states: “Stephen Rademaker, a principal with the Podesta Group, was an assistant secretary of state responsible for arms control and nonproliferation from 2002 to 2006“, so here we see the message, yet the core truth is: “The Podesta Group is a lobbying and public affairs firm based in Washington, D.C.. It was founded in 1988 by brothers John Podesta and Tony Podesta, it can be found at 1001 G Street, NW Suite 1000 W Washington, DC 20001“. Basically it is a marketing firm working a very niche market. Don’t get me wrong. I am not ‘attacking’ them, I would accept a position in such a firm any day of the week. Whether we call them marketeers, government strategy councillors or even diplomatic assistants, they are professionals and I do love working with professionals, especially in an environment I am not fully comprehensive of. You see, when you are out of your waters, most people tend to get to be a little apprehensive. Not me, it invigorates me, whether it is working as a document carrier for Faisal bin Abdullah, or Salman bin Abdulaziz Al Saud, doing work for google (which has been one of the most mentally intoxicating and invigorating environments ever) or merely finding new data solutions, working through data and solving the puzzle I see. So is North Korea a real threat or a perceived one? The safe bet is too see them as a real threat as they have access to Uraninite. You see, the world tends to be a little more complex than that. Having the stuff is not enough, getting the delivery method working correctly is an entirely different matter. It can be by having people from Pyongyang masked as South Koreans attending international universities in science and engineering would be a first, which is not that far a stretch. I literally (by accident) I told this Korean student “Does your family still have that bar in Pyongyang?“, he turned pale and said ‘How did you know that?‘, which was not the response I was going for, but OK, such is life, full of surprises. So as you ponder this, wonder on how China has little or no worry. If North Korea ever actually launches a missile towards America, do you think that the President of the USA would not instantly retaliate (especially the current one), what happens to places like Shenyang (in China), also consider whatever hits the water will make fishing no longer an option for decades, Japan learned that the hard way, so there you have it. In addition, we have seen the North Korea military look at systems like they were magical and those were computers the current European generation laughs at. That can be corroborated by the press as they were on a North Korean press tour a little over a year ago. The ‘minders‘ of those groups had NEVER seen a smart phone. I think that North Korea talks a lot, but for now has no real byte. Now the last part of that the Podesta group is a professional organisation. So was it merely an opinion piece or was the article their business, business they charge for? I will leave you with that thought.

The older American would look at the danger of pensions, which we also see in the Washington Post (athttps://www.washingtonpost.com/news/powerpost/wp/2017/05/18/trumps-budget-calls-for-hits-on-federal-employee-retirement-programs), the article ‘Trump’s budget calls for hits on federal employee retirement programs‘ describes on how it impacts. The article is a really good read and gives me the feeling that US retirement plans are an awful mess, with the additional danger that they seem to be running dry slightly too soon, which is what you get with a 20 trillion-dollar debt I reckon. The quote “A preliminary budget document released in March called for a domestic discretionary budget decrease of $54 billion, with an equal increase for defense, homeland security and veterans. Nineteen 19 small agencies would be eliminated, along with their workforces“, the additional “Increasing the FERS employee contribution would result in the average federal employee losing nearly $5,000 per year in take home pay, that’s per year after the phase-in is finished, he estimated. “Phasing this outrageous pension cut in over several years does not make it any more palatable. If this change is made, federal employees will no longer have a secure retirement. Period.”” is even more food for thought. The one equaliser in American business has for the longest time been that those people had a secure retirement, when this is off the table the one part of quiet governmental officials was that there was a long term benefit, with that off the table the environment in government positions will change. Now, we might think that this is not a bad thing, but it will result in chaos, and when we have seen and known that the American infrastructure has no real way to deal with chaos in its ranks, we will see different whirly waves of discontent, a few will leave marks on everyone. So when we read “The budget proposal President Trump plans to unveil Tuesday would give to federal employees with one hand, while taking away with five others” is an interesting one and I reckon that when the full paper is released this coming Tuesday, the US national papers will give it high visibility, because the United States federal civil service has a total of around 3 million people, which is 1% of the US population, making it decently important to cater to them. Perhaps those trying to sell the change might have been better off talking to the Podesta group first?

For me, the news was not in a newspaper. It was found in Digital health article. It re-iterated the issue of ‘urgent change‘ I voiced in my blog yesterday. In there I showed the NHS digital part regarding the endgadget quote “NHS digital had notified staff on patches” which would have diminished the Cyber attack gives us two sides. One, would there have been diminished damage, because that would suffice as evidence. Yet in Digital health we see: “a small team of developers is recommending the health service reduce its reliance on Microsoft“, which is overall not a bad idea, yet the NHS is too big to just make a shift in policy like that. I would be in favour of a shift towards something a lot safer like Linux, but that requires expertise. Another option is to rely on an android option where the NHS is all about apps, equally optional, but it will require massive amounts of resources on programmers, testers, upgraders and cyber monitoring. All these options require a drastic shift in IT operations. When we accept that in too many places there is no minding the NHS IT store (by not patching) the dangers will increase. As I quoted: “It is also my personal belief that in many cases the person claiming ‘urgent action is needed’ is also the person who wants the ‘victim’ to jump the shark so that they can coin in as large a way as possible“, which is what we see right here in the article. Now consider the quote: “To demonstrate that there is a licence-free alternative, GP Marcus Baw and technologist Rob Dyke have adapted the open source Linux-based Ubuntu operating system specifically for the NHS. They call it NHSbuntu“. So why not just use the foundation called Ubuntu? I cannot judge the intent (noble or not), but consider that technologist Rob Dyke has to pay for rent and so much, where is his interest? Do not get me wrong, we should not just dismiss any idea that might work, yet will it? You see any IT environment needs oversight and maintenance. The NHS is in no position to make such drastic changes as it is short on basic needs (nurses and doctors), I do agree that the IT needs to be addressed, yet two Labour governments wasted the IT budget of close to 10 years, lets leave it alone until we can actually address solutions. In this, one additional quote from Beta News. they give us “The report reveals that 12.8 percent of non-Microsoft programs were un-patched in the first quarter of this year“. If patching is so important, and it is, why give voice to 12.8% of additional risk? As stated, I am no Microsoft fan, but it does work in the current NHS environment and if we believe NHS Digital and the trusts do actually patch their stuff, the danger would have been a lot lower. As the evidence is at present, this issue would have been addressed by mere policy and replacing those not adhering to it might be the cheapest and best solution. In all this IT News gives us one more part, the fact that Microsoft is actually releasing a patch for operating systems that are no longer supported is also evidence. I do not see it as merely “to protect the company’s customer ecosystem“, which is a decent answer if you believe that. You see they could have merely told the customers to freely upgrade to Windows 10. I believe that, as they state it “to protect users against NSA-derived ransomware“. I believe that someone has evidence on a Microsoft-NSA cooperation in the beginning of the data snooping age and somehow the makers of the Ransomware (less and less likely to be North Korean) got access to the information needed. I reckon that anyone upgrading will be removing the digital evidence on their computers of that event. If you doubt me, consider the quote in that same article “Current versions of WannaCrypt use two exploits leaked by the ShadowBrokers hackers, who gained access to systems at The Equation Group, which is linked to the United States NSA, last year“, if that is true, how did North Korea get this? If they are good enough to be allegedly part of the NSA (source: Kaspersky), how come that the bulk of the cyber intelligence world has no knowledge of North Korea being such a threat against a player like that? It does not matter how it got out. Whether it was a disgruntled ex-employee. Some hacker that got sucked and suckered by a honey trap, there are enough options nowadays. The reality is that somehow the intel got out. It is being addressed and fixed. It does not make the issue go away, it merely tells us that remaining up to date and properly patched was the way to go. Urgently addressing does apply to systems being reasonable up to date, which does mean that there are costs, pushing yourself away from Microsoft (not the worst idea) comes with a cost, one that the NHS cannot afford, no matter how ambitious it seems and they got plenty of that, especially with non working systems. So, lets not make that error twice!

So when you wonder where you need to focus, I am merely suggesting that when your private house is in order, consider playing a video game or watch a nice blu-ray. It seems to me that a balanced life is the most important thing you can arrange for yourself, let the circus play its game and decide not to watch every show they offer, in the end it could just be merely Direct Marketing.

Get what you actually need, not what others state you need!

 

Leave a comment

Filed under Finance, IT, Media, Military, Politics, Science

Age of darkness coming

An interesting article came to light today. Actually, it might not be that interesting. It is merely the consequence of a series of bad decisions by several people. The interesting part is that it was not a local thing. This is possibly one of the few times where several decisions on a global scale escalated one another into the move away from what at times now is laughingly referred to as ‘journalism’. The Guardian (at https://www.theguardian.com/media/2017/apr/15/journalism-faces-a-crisis-worldwide-we-might-be-entering-a-new-dark-age) gives us “Australia’s two largest legacy media organisations recently announced big cuts to their journalistic staff“, up to 120 editorial positions are being wiped from the list of employment options. Apparently there was also the mention “Both announcements were accompanied by corporate spin voicing a continuing commitment to quality journalism. Nobody in the know believes it“. It is followed by the mention that this is partly thanks to Donald Trump. The truth is nowhere near Trump, the entire Trump bashing is merely putting in the spotlight what had been known for some time. There is however a side that is very much true and it is escalating into a movement that will change even further over the next 20 months. The quote “technology has torn apart the two businesses – advertising and news – that used to be bound together by the physical artefact of the newspaper. Once, those who wanted to find a house, a job or a car had to buy a newspaper to read the classifieds. Now, it is cheaper and more efficient to advertise and search online“, it will change even further and the bulk of the audience is not up to speed yet, but within a year they will be.

For me the messed up situation was visible for a long time. No matter what excuse the people of News give, whatever Fairfax claims, it does not matter. Consider the following: ‘Will you pay $2.4 for filtered news?‘ This question is a lot harder than you realise, because the definition of ‘filter’ is not a given, but it is at the heart of the matter. Let’s take a few parts to give you a little perspective.

2010, 2011, we are given all kinds of news regarding Grexit, a weird dirty dance where some players are ‘threatening’ to expel Greece from the Euro. We see the news for weeks, yet no one seems to know what they are doing and the papers are absent in mentioning a legal work that was published in December 2009 by Phoebus Athanassiou that basically inform us that expulsion is not an option, you can only voluntarily leave the EEC and the Euro. The paper (at https://lawlordtobe.files.wordpress.com/2015/07/ecblwp10.pdf) is a paper that comes from the European Central Bank, so why were the newspapers in the dark? Why were the readers not properly informed on this? All the value of a newspaper thrown into the circular filing system, value lost forever.

2011 Operation Weeting. This would be the beginning of a decline that escalated on a global scale. Most people took notice to some degree regarding the News of the World, the phone hacking scandal and the celebrities involved, yet when the world learned of the hacked phones of murdered schoolgirl Milly Dowler, relatives of deceased British soldiers and victims of the 7 July 2005 London bombings the world did not react in kindness, those involved had crossed a line that a very large group found too unacceptable. Many went from ‘Ah well, celebrities!‘ towards ‘WTF!‘ and ‘Could this happen here?‘ two very different trains of thought, the Leveson inquiry that followed was followed by many and a lot of them not in the UK, when the conclusions were revealed we saw a group of editors shouting murder, fascism and on how the freedom of the press was in danger whilst none of them showed any level of accountability, this was one of the clearest coffin nails. There is more and part is not their fault. In this the politicians also have a blame in the matter. As the actual press (the Guardian, the Times, the Independent) were trying to continue to be the responsible ones (to the larger degree), they were placed next to tabloids, magazines proclaiming to be newspapers whilst limiting themselves to ‘Kardashian puts ample bust on display’ (Daily Mail). A lot could have been prevented by making these tabloids VAT (read GST) enabled. Giving the tabloids no longer a 0% VAT options would have levelled the bar a little (read: truly, just a little) against the actual newspapers in the UK. It could have spurred a larger European change. It would not have ended better for the newspapers, yet some of them would have had more time to change their product and business approach.

2012 Sony, this is the one that really got me mad. Two weeks before the PS4 was launched, Sony pulled a fast one. I discussed this (at https://lawlordtobe.com/2014/08/12/no-press-no-facebook/), in my article ‘No Press, No Facebook!‘, in this case the Guardian was pretty much the only newspaper that gave it any decent attention. A change that would affect 30 million gamers and the news remained absent. So where is the value of my newspaper now? It was “7.1. You must not resell either Disc-based Software or Software Downloads, unless expressly authorised by us and, if the publisher is another company, additionally by the publisher“, it was followed by a weak statement by a board member of Sony, but the papers and other media were quick to ignore it and none had the critical statement: ‘A terms of service is a legal document, a statement by a board member of Sony can be countermanded with a mere memo‘, the press remained absent! It all sizzled down the track as the TPP never came into effect, but the damage was done and now it was damage that hits the press as well as they were too busy with circulation numbers and facilitating to your advertisers, because Sony PS4 advertisement money is what all newspapers desperately needed, so compromising 30 million gamers (that’s Europe, with 5 million in the UK) was likely not a big deal to them.

These are a few of a growing list of issues where the newspapers are in a bad place, but to some extent they got themselves there. Margaret Simons gives us “Today, just about anyone with an internet connection and a social media account has the capacity to publish news and views to the world. This is new in human history” near the end. She is correct here, but she also forgets to mention that reach and quality is still and issue. I have, with my blog, a mere reach of 5-6 thousand readers, which is next to nothing. I believe that I offer a quality view, but that is in the eyes of the beholder. However, I am only a blogger. When she mentions ‘the capacity to publish news‘ is not entirely correct. Some are falling in front of the news because of location, yet these people are for the most not journalists and that is the kicker. Pieces that are truly journalistic remains pieces of value, the people are just having too many question marks. In addition, the people have lost a massive amount of quality of life, and the price of a newspaper subscription whilst news online tends to be free and the cost of living is going up is also a factor we cannot deny. Yet in equal measure I have worked in firms where they all had 2-5 newspapers on a daily base, most (read: nearly all of them) have stopped doing that, cutting costs did that to some degree.

So as we see the announced age of darkness coming into the newspaper business, we cannot fault their hardship, even though they themselves are partially to blame, yet in equal measure, it seems to me that quality journalism is becoming a nuisance in several European nations. They can hide some of the bad news in sponsored morning shows, there they can spin to some degree, but in a newspaper, and it is all about the relevant information, a side too many players are currently too uncomfortable with. Its fair enough that some journalists are trying to get around that part, but as too much actual news is given to us freely at a moment’s notice, many agree that there is too much speculation in some news, like ‘North Korea may be capable of firing a missile loaded with sarin nerve gas toward Japan‘ (source: CBC), yet in equal measure the newspapers have not been the utterly reliable source of news either and on both sides of the publications, there seems to be a growing issue with ethics to consider and that is even before we add tabloids like Daily Mail, Mail Online, and whatever Murdoch gets to publish. The newspapers became a multidimensional mess. I personally think it is because they waited too long to embrace the online community and that is before the new changes hits them over the next two years. By proclaiming themselves as non-accountable and considering themselves as too important, they marketed themselves straight into the insolvency mode. Yet, that is merely my view on all this.

 

Leave a comment

Filed under Finance, Media, Politics

Missed it by THAT much?

It started last night. Actually, it started a little earlier, yet I get information from so many sides, that I have to make a choice what I focus on (my final assignment for my master degree being the big number one). So when I initially heard about a missile issue I had no real interest. You see, the things PwC is up to with added narration of missed issues on Tesco, BHS and two others is a lot more interesting to me. Any missile issue tends to be a simple engineering problem. At times it is about other matters, but that is once properly tested a mere 9% of the time, with 91% being engineering or interfacing, which is basically another realm of interfacing. Oh, for the underlying entertainment. I am writing this whilst listening to The Tales of Hoffmann, which is applicable to all this on more than one level.

So back to the Lockheed Trident we go. Let’s start with the BBC (at http://www.bbc.com/news/uk-politics-38719346) with “Theresa May finds herself under pressure for refusing to answer whether she did, or did she not know that something had gone wrong with our nuclear weapons, when she asked MPs to vote to renew the costly Trident system?

So when I see “So the simple “who knew” question will keep being asked. And for as long as the opposition parties keep pushing for clearer responses, ministers will keep looking like they are awkwardly, even shiftily trying to evade a straight question“, I feel that asking the question is a loaded canon to say the least. In this day and age, regarding any issue on nuclear facilitation, do you really want the other players to openly know that UK defence does not work, so Russia and/or China only needs to work about each other and the USA? With pressures at present it is not the best idea to say the least.

My issue is with “A missile test involving Britain’s Trident nuclear deterrent system ended in failure off the coast of Florida last year, a US defense official with direct knowledge of the incident told CNN on Monday“, so not only are US defense officials sanctimonious on the best of days. It seems that they have no problems revealing certain classified events when it concerns their allies.

OK, I can accept that, so how about I reserve a little space at the end and let the public at large know on the storage issues that PRISM is still bringing, not the observation part, but the fact that the storage as it had been one and how the list of people with access was a lot larger than anyone realises. With the New York Times bringing the people on June 6th 2013 ‘U.S. Confirms That It Gathers Online Data Overseas‘ (at http://www.nytimes.com/2013/06/07/us/nsa-verizon-calls.html), but that the quote by Josh Earnest “has been a critical tool in protecting the nation from terror threats as it allows counterterrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States.” is missing one important element, which is “it equally allows the better hackers to alert certain people of red flags they can scan for“, which is not something they wanted us to know. I’ll get back to that later.

Let’s focus on those Lockheed cigars named Trident. You see, there is a question why the US spokesperson opened his mouth in the first place. When we consider (at http://www.businessinsider.com/upgraded-trident-ii-missile-being-tested-from-us-nuclear-submarines-2016-9), the quote “This was the 161st successful Trident II launch since design completion in 1989“, now I have no idea how many test launches we have seen, but 161 good strikes sounds like a good deal, so why suddenly this ‘revelation‘? I am all for fair display of facts, including failures, but the air that this one flaw gives give in addition other considerations, so if this US spokesperson thinks that the UK is grateful for him opening his mouth, I think it is time we make sure his bosses make sure he never considers that ever again. This all gets us to the reasoning of that US spokesperson.

Brown University is/was housing a Nina Tannanwald, who had an interesting essay. Titled ‘Renewing a Regime of Nuclear Restraint‘, we get “the non-nuclear weapons states of the world are growing increasingly impatient with the failure of the nuclear weapons states to move toward what are seen as their moral and legal obligations to eliminate their nuclear stockpiles. The humanitarian consequences movement, a globally popular movement barely discussed in the United States, is one reflection of this frustration with the slow pace of nuclear disarmament. A similar tension plays out in the United States, as the Obama administration committed to move towards a world without nuclear weapons while concurrently authorizing a multi-decade, trillion-dollar modernization of American strategic nuclear forces“, there is a truth in this, there is also the realisation that even as most want to move into a non-nuclear era, with Iran and North Korea in the mix, that is a reality that will not come any day soon, if ever. Time has taught us that putting the genie back in the bottle is not an option. If that is not an indication, try to interview Pandora on what happened to hope. Good luck with the answer to that one in this day and age!

Yet when we consider Tannanwald, there is more and more the need to consider Robert McNamara’s presentation to NATO in Athens laying out flexible response doctrine. I think that Robert McNamara is one of those essential Americans that show the American spirit. Serving under both John F. Kennedy and Lyndon Johnson, he has been confronted with the need to alter perspective and a dimensional scope that has been almost unheard of ever since. He is almost the founding father of policy analysis. In addition he is the person who consolidated functions that is amongst others now known as the Defense Intelligence Agency.

So you might think of him as a spooks Yoda, with a flair for pragmatism. Which gets us to the opposition in all this, namely Dr Julian Lewis, who in the Guardian stated yesterday (at https://www.theguardian.com/uk-news/2017/jan/24/commons-watchdog-criticises-unnecessary-surreptitiousness-trident-missile-malfunction) “chairman of parliament’s defence watchdog has criticised the government’s “unnecessary surreptitiousness” over the Trident missile malfunction, as Michael Fallon declined an invitation to appear before his committee“, in this we congratulate Dr. Lewis for his ability to employ a 17 letter word, yet the issue in all this is twofold. the first is that as far as we can tell this is a 1 in 161 cases, making it an outlier that could have been addressed outside of the view of the public, second that the Government had already clarified a need much earlier (which I will point out a little further, with a link off course) that there was a certain need, that need is now directly undermined. Perhaps there is a political need to get something else started and scuttling one solution will open up a set of new problems onto which certain people with interests can throw a lot of money at, they would only need to get rid of 4 submarines. We know that a new HMS Dreadnought is coming, but what is possibly less known is that a refit of the Vanguard Class should start in 2019, which will impact the defense budget because an overhaul of this kind really requires a serious amount of coins. Now, the latter part is speculation, but is it far-fetched? It is 2017, these matters take time, there is no doubt about that, so there is a gap where certain actions have a lot of impact and the misfire is just a lucky break for some people. In all this I could be, and I am probably wrong in all this. Yet when you look at the facts as they are clear, as we know that our cold war opponent has satellites, so they know about the event, calling this into the open only serves another platform. I have no idea which one, but the visibility of these events call a lot into question, especially the actions of a blabbing yank. Now, for some this might actually be one of those democratic losers with no prospect considered ingratiating himself to optional future employers in the media as this person could be democratically replaced by the new party in charge if his function was high enough and the CNN quote “US defense official with direct knowledge of the incident told CNN on Monday” implies that he is higher up the ranks to some degree.

So how does this reflect back to Trident? Well, if we accept that regional tensions are made worse regarding nuclear policies by unstable regimes where the mental balance of the one in charge leaves a lot to be desired (examples: Kim Jong-un and Mahmoud Ahmadinejad, when he was in office) , we should consider that the solution does not work, tension is not eased, it only invigorates that person to consider pressing the famous red button. This comes mainly from the premise of the thought ‘theirs might not work initially‘, which would only instigate a false sense of ego of that person pressing the button. I am going one step further stating that such a person could call in some simpleton cook, asking him ‘Can you press this button? My hand hurts!‘, so that unsavoury character now has the genuine option of remaining in denial.

Even as we consider that 2 out of 161 might not work, the stats are extremely unkind on the chances for the receiving party. Still the issue remains, what was that US spokesperson thinking off when he/she considered speaking on the matter at all was a good idea? Don’t get me wrong, I am not stating that we should be lied to, but there were clear security considerations in play and I wonder if that person was even high enough on the pay scale to make have this consideration, speaking out regarding an allied nation (read: the UK).

My view?

Well, personally, when I look into the error, I am considering that it was not a simple flaw, you see, when the missile is off by a degree, or even less. When it is that small it becomes an issue because that takes time. When the direction is off by a maximum dart score round (180), it tends to be a simple construction flaw, an interface that was not properly checked, basically, the kind of flaw that requires Lockheed (on average) to send the next missile at $0 (and they also have to pay for postage, packaging, gift wrapping and shipping too). Which would be another reason for some people not to speak, unless officially ordered to do so, as it would start an entirely different debate on the Trident Project. So in this light, as we see that 1 out of 161 went wrong, the dust cloud is very much disproportionate to the events as we see them. Even when we see the connected views on Jeremy Corbyn, who has been for the longest times in the light of ‘Jeremy Corbyn says he will put nuclear disarmament at the heart of his leadership re-election campaign‘. which  is what we saw in July 2016, in September 2016 we see: “to put to one side any attempt to reverse Labour’s support for renewing Trident in a bid to reduce tensions with unions and rebel MPs“, yet that ship has sailed, so he can ‘revive’ his lifelong view of being the soul that is anti-Trident. We might see that as a decent view, yet in all that we see evolve is it the correct one? I think that there is no clear answer and this is not on Jeremy, but it all now shows to be a valid political attack, which he cannot be faulted for. Yet how to proceed?

What makes a cigar a cigar?

So this Lockheed device has several elements. I will not some conceded jerk telling you what went wrong. We can speculate that the electronics were wrong, yet what if that is actually not the case? Consider the following sources. the first (at http://www.publications.parliament.uk/pa/cm200506/cmselect/cmdfence/986/98605.htm) gives us at [40]: “‘De-targeting’ and ‘State of Readiness’: The SDR stated that the Trident missiles aboard the Vanguard-class submarines would not be targeted and would normally be at several days ‘notice to fire’. However, the SDR also noted that “we will… ensure that we can restore a higher state of alert should this become necessary at any time”. In the course of our inquiry, we were told that targeting the missiles does not take very long“, in that is it not interesting that an actual metric was not given?

In addition we get “Dr Rebecca Johnson, of the Acronym Institute for Disarmament Diplomacy, argued that both de-targeting and the reduced state of readiness were essentially meaningless since they could be could be easily overridden“, which was in the same paragraph and it gave me the part that is soon to come. You see (at https://www.gov.uk/government/publications/uk-nuclear-deterrence-factsheet/uk-nuclear-deterrence-what-you-need-to-know) we see ‘A minimum and credible deterrent‘, with the quote “we require a fleet of 4 submarines to maintain 1 continuously on patrol and retaining this posture is essential to assure the invulnerability of the deterrent“.

So, this is me speculating, the triviality that we saw regarding the ‘we were told that targeting the missiles does not take very long‘. So what if the targeting could be messed with? In this day and age, is that such a leap? If that is true and if the targeting can be messed with, the issue now becomes that Her Majesty’s Navy now has 4 cigar boxes that could potentially be regarded as useless, making them extremely expensive non-deterrents. Let’s not forget, this is pure speculation, so it becomes only the smallest of options if the missile was not malfunctioning in a normal way.

So how does this reflect on me making some other case earlier and why mention it?

Well, let’s take you through the motions, it will take a few paragraphs. First there is “NSA whistle-blower Edward Snowden has denied he committed treason with his revelations that the US had been hacking Hong Kong and China since 2009. He said his revelations did not disclose military targets – a treasonable act – only civilian infrastructure“, try and focus on the red parts in all this. The next part is “Without asking for public permission, the NSA is running network operations that affect millions of innocent people. In a previous interview with the South China Morning Post, Snowden said he was releasing the information to demonstrate “the hypocrisy of the US government when it claims that it does not target civilian infrastructure, unlike its adversaries“, which gets us part of the first part. The source is the IB Times (at http://www.ibtimes.co.uk/nsa-whistleblower-edward-snowden-479709) and they are only one of several sources.

From that same source we get “Internet companies – including Facebook, Google, Yahoo, Apple and Microsoft – were reported to have given the NSA “direct access” to their servers under a data collection programme called Prism” as well as “US government agency had access to the raw databases of these companies. “They can enter and get results for anything they want [such as] phone numbers, email, user id, cell phone handset id,”” and “Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. At GCHQ, the number of audited queries is only 5% of those performed.” now we need to consider that “He was employed by several outside contractors including his current employer, defence contractor Booz Allen Hamilton“.

Now I make one step back to a statement I made some time ago. You see, there is a part that never rang true, especially as the amount of data he allegedly took with him, yet this data never saw the light of day. In addition, for one person to have this level of clearance and access is something I always questioned! On the 23rd June 2013 I wrote ‘Who are the real watchers?‘ (at https://lawlordtobe.com/2013/06/23/who-are-the-real-watchers/), in there I wrote “his account is broken down and thousands of dollars on internal communications, price agreements, customer’s details and many more details are now duplicated. It would be worth quite a few coins for the right competitor. As such the quiet student will have all his University debts paid off long before he gets his degree. So, what is this about?“, which I bring on January 18th 2014 in ‘Diary for a wimpy President‘ (at https://lawlordtobe.com/2014/01/18/diary-for-a-wimpy-president/) with “The government will no longer store the phone call information of millions of Americans. But he did not say who should maintain the information, instead giving the intelligence community 60 days to come up with options” as well as former Presidents Obama quote “What I did not do is stop these programs wholesale, not only because I felt that they made us more secure, but also because nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens“, the point in all this is not just the traitor Edward Snowden, who decided to become the judge, what also happened is that several sides of this went to private contractors, some of them very much greed driven. It is my belief that one event is linked. It was given on October 5th 2016, I wrote about it, but I will not give the link. The Telegraph (at http://www.telegraph.co.uk/news/2016/10/05/nsa-contractor-charged-over-alleged-theft-of-secret-us-governmen/) gives us the parts we need. “Harold Thomas Martin, 51, was secretly arrested by the FBI in August for allegedly stealing classified information. The US Department of Justice says it found Top Secret documents in Mr Martin’s home, vehicle, and two storage sheds on his property in Glenn Burnie, Maryland during a search on August 27th” as well as “Those documents were reportedly “source code” developed by the NSA to hack its adversaries. The codes would allow the NSA to covertly place malware in the computer systems of foreign governments and to monitor or even attack the networks“. Now, the part that comes next remains speculation!

I think that is exactly what has been happening. I think that whatever Harold Thomas Martin did get out before the NSA/FBI could lock down on it. I think that these contractors have been doing their job, but I also believe that someone has been getting access because part two gave access to part one and those people aren’t sworn in executives of agents of any government.  What if we consider when we combine the ‘claimed facts‘ as published, where other parties have been gathering information from selected mobiles, and where users have been interfered with. You see, we all got the messages as seen (at https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html), where we see “At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government“, so even if we question whether this is a Yay or a Nae, the issue is that the DNC is not the gemstone. Yes, most foreign governments want to see in what direction policies are likely to go. Which is why people like Marine Le Pen are getting monitored and not just by the French. You remember the earlier quote “giving the intelligence community 60 days to come up with options“? What if that has been rolled out, don’t you think that both the Russians and the Chinese are a lot more interested in access to those systems (read: that data)? Now we see the dangers that Harold Thomas Martin brought to America, the fact that these intrusion tools are in the open and possibly in Russian hands. We now see that tools can be used against their collection points. They only need to open one port and slowly siphon data away. How much damage do you think that this brings. In addition, and this last part is pure speculation, as those Tridents rely on ‘targeting the missiles does not take very long‘ yet if the specifications come from the outside, can these tools interfere with that? Do not forget that “would normally be at several days ‘notice to fire’” implies that there is a track that the targeting goes through and only the final step is the most secure one. Can we even know how secure those previous steps are? Which tools have been pushed to less controlled civilian hands due to the entire Snowden debacle? What dangers has he placed us all in? We now see via the Wall Street Journal and The Australian that what is now published in 2017, I already covered to some degree in 2013, I was correct to the largest degree all along. We see the quote “According to a unanimous report declassified on December 22 by the house permanent select committee on intelligence, the investigation showed Snowden had “removed” 1.5 million documents“, with added “based on, among other evidence, electronic logs that recorded the selection, copying and moving of files“, another issue I raised due to my knowledge of SE-UNIX. The fact that he had done this over a period of 6 weeks implies that there is a level of what should be regarded criminal negligence concerning Intelligence matters which is truly unsettling. The fact is that this stuff went into the open void, the question was who else got a hold on that stuff? The Wall Street Journal gives one part I never had (due to a lack of specific knowledge). That part is seen in the quote “Since the NSA was created in 1952, Russia and other adversary nations had been trying to penetrate its Level-3 secrets without great success“, he fact that they clearly have access to some degree, both Edward Snowden and Harold Thomas Martin have made that a near certainty.

This now reflects back to the Lockheed devices. Consider that the UK has a different methodology regarding its missiles. If a test was performed through the normal track and if we accept that the Russians have to some degree Level-3 documentation ‘access’, when we also accept that they have a clear understanding on the PRISM system now and we already know that both China and Russia can interfere with data packages (read: transmitted data) whilst in motion, is it really far-fetched that they intervened (read: corrupted) the data meant for the failed Trident test? Let me reiterate, I am not stating they retargeted that missile as there are too many components they do not control, the package just needed to be corrupt to the smallest degree, which would get the missile into a wrong destination and then self-destruct. Now, as stated, this is speculative, yet based on data which after 3 years is now proving to be utterly (read: mostly) correct. Is the speculation that far-fetched? And Russia has every reason to scuttle the UK Vanguard units now before the newer and totally unknown entity HMS Dreadnought comes into play, as stated by other academics in this field that it is  ‘essential to assure the invulnerability of the deterrent‘, when that invulnerability is gone, what remains?

I can tell you that I might not be entirely correct, but I can tell you that based on 3 years of data coming true that my aim is a lot better than the latest Lockheed Trident missile, which was allegedly off by almost 180 degrees.

 

Leave a comment

Filed under IT, Media, Military, Politics

The name of the sponsor

The article that was in the Guardian on Friday, gives us a few issues. You see, I have been looking at several issues in the tech world and I overlooked this one (there is only so much reading that can be done in a 24 hour range and it is a big planet). You see the article ‘Yahoo faces questions after hack of half a billion accounts’ (at https://www.theguardian.com/technology/2016/sep/23/yahoo-questinos-hack-researchers) gives us the goods from the very beginning. The quote “Yahoo’s admission that the personal data of half a billion users has been stolen by “state-sponsored” hackers leaves pressing questions unanswered, according to security researchers“, is one I would go with ‘and the evidence?‘, which gives us all kinds of related connections. The quote “Jeremiah Grossman, head of security strategy at infosec firm SentinelOne, said: “While we know the information was stolen in late 2014, we don’t have any indication as to when Yahoo first learned about this breach. This is an important detail in the story.”” is only one of a few issues at the heart of the matter. You see, when we look at the issues that are the plague of these start-up firms (Yahoo and Sony), we should think that they are start-up firms or they are massively negligent. In both cases their routers allowed for the transfer of massive amounts of data. As they are the same size in start-up (sorry, sarcasm prevails), we need to wonder how a few hundred million packages fall between the cracks of vision of whatever security element their IT has. We could wait until someone states that there is no security on that level and the race is truly on then!

This whilst additional support as seen stated by Chris Hodson, EMEA chief information security officer at enterprise security firm Zscaler, when we read: ““With no technical details included in Yahoo’s report about how the data was exfiltrated, just that it was, it’s impossible to assess credibility of the ‘state sponsored’ claim“, a statement I agree, but in addition, I also wonder why we aren’t seeing any reference or initial response from the FBI that this was from North Korea. It fits the time frame doesn’t it? First a dry run on Yahoo and the actual heist was Sony. Or perhaps some players are figuring out that North Korea was never an element and that someone clever enough found a flaw and hit both Yahoo and Sony. The quote “both from the date of the hack, almost two years ago, and from the first appearance of the dumped data on the dark web almost two months ago where it was being sold by a user named “Peace of Mind””, the speculation comes to mind: ‘perhaps this person is the second owner and this person is reselling acquired data’, which would make sense in several capitalisic ways. The article also enlightens what I believe to be a callous approach to security: “The breach also highlights a strong problem with “security questions”, the common practice of letting users reset passwords by answering questions about their first house or mother’s maiden name. Yahoo did not encrypt all the security questions it stored, and so some are readable in plaintext. While it may be irritating to have to change a stolen password, it is somewhat worse to have to change a stolen mother’s maiden name.” The insensitive disregard is clear when the security question is not encrypted and mum’s maiden name is given in plain text, adding to the personal data the thieves borrowed (long-term). Now, we know that there are in these situations several questions, and not all are really about privacy sensitive based data (like a favourite pet), but consider the 2013 movie ‘Now You See Me‘ Consider the dialogue in the New Orleans Show scene:

Jack Wilder: How could we, Art? We don’t have your password.
Henley Reeves: We’d need access to information we could never get our hands on.
Daniel Atlas: Yes, security questions, for instance, like, I don’t know, your mother’s maiden name or the name of your first pet.
Merritt McKinney: Where would we get that information, Art? You certainly would never tell us.

A movie gives us the danger to our goods a year before this data is stolen and nobody presses the alarm bell? The only part that would be even funnier if this was a Sony movie, but no, it was Summit Entertainment who brought this gemstone! Now, we know that life is not a movie, yet the fact that this part is stored as plain text, perhaps not the best solution! In addition as IT developers tend to be lazy, how many other firms, especially those who are a lot smaller, how are they storing this data? Also in plain text?

You see, I have seen parts of this issue too often. Too many firms have no real grasp of non-repudiation and go through the motions so that they seem (read: present themselves) to be about security, yet not really security driven. Because if the client doesn’t want it (many are too lazy), they have opted for it and they are in the clear. Yet when we see that the security questions are in plain text, questions should be asked, very serious questions I might add!

There is one more side to all this, the Guardian raises it with: “what happens to the company’s multi-billion dollar merger with Verizon now? Kevin Cunningham, president and founder at identity company SailPoint, argues that the breach should already be priced in“, we then see the issues of thoroughness raised from Verizon, but in all this, the data theft does not makes sense. You see, if my speculation is true and “Peace of Mind” is the first sales iteration, was this ID the only customer? If so, how come that the sale took this long, the timeout between the event in 2014 and the optional sale a few months ago is weird, as accounts change so quickly, the power and value is in quick sales. To put it in perspective, selling the data to 10 people for a total of 5% of the value is safer then awaiting for one person getting 70% of the value 90 days later. This is a movers and shakers world, the 90 day person is a perhaps and these people are about the ‘cash now’. The market stall people! So in this an 800 day customer implies that there might have been ulterior reasons. Which one(s) I can only speculate on, and I prefer not to do that at present. Now, in that side, it is of course possible that this was ‘state-sponsored’ and it was sold on to keep the wolves at bay, but that too is speculation with absolutely no data to back the speculation up.

Verizon might have taken a calculated level of risk in acquiring Yahoo, yet if the data transgression was never divulged, would this be a case of fraud? The US has the “benefit of bargain” rule, so there could be a decent case of represented and actual value. In addition if we allow for Special damages from a legally recognizable injury to be held to be the cause of that injury, with the damage amounts to specificity. If the data theft would have been known, the value of the firm would have been a lot lower.

Unless this was clearly disclosed to Verizon (I actually do not know), Verizon might have a case, which would be disastrous for Yahoo.

If we consider the news from July at NBC (at http://www.cnbc.com/2016/07/25/verizon-to-acquire-yahoo.html), the setting is not just “Microsoft, Yahoo and AOL lag far behind and have lost market share“, there is no guarantee that those hit by the hack will remain in their Yahoo setting. Google has made it far too easy for people to switch over. The effort made in the past to transfer towards Google could inspire those people to switch to Google, import their mails and start with little or no loss at all. Which means that it is not impossible that Verizon after the merger remains a one digit digital marketing group, something I feel certain Verizon never counted on.

So where is this going?

There are two sides to this, not only is this about cyber security, or the lack thereof. The fact that Verizon has no unlimited data and those with Yahoo accounts who had them will now see their prices go up by a lot (when is this not about money?). Verizon has a 100GB shared option at $450 a month, which is beyond ridiculous. In Australia, iiNet (an excellent provider) offers 250GB for $60 a month and in the UK British Telecom offers a similar plan for no more than £21 a month (which is about $35), considering that BT is not the cheapest on the block, I have to wonder how Verizon will continue, when people have to switch, because their music apps (radio and so on) drain their data account at 6-8GB per day (a harsh lesson a friend of mine learned). Meaning that Verizon is actually a disservice to open internet and free speech. As I see it, free speech is only free if the listener isn’t charged for listening, or better stated, when certain solutions are locked to be not via Wi-Fi, meaning charged via bandwidth. So the accounts were one side, the amount of data breeches that we are seeing now (on both the Verizon and Yahoo side) imply that not only are they too expensive, they aren’t as secure as they are supposed to be and in addition, cyber laws are blatantly failing its victims. Having your data in plain text at $450 a month seems a little too unacceptable, merely because the odds to keep your fortune in Las Vegas tend to be better than this.

So now consider the sponsor, the people behind the screens on both the corporate and hacking side. So let’s take a look

Corporate

Here the need for security is essential, yet there is clear indication that those aware of spreadsheets (read: Board of Directors) are in equal measure naive and blatantly unaware that data security is essential and not the $99 version in this case. The cost of secure data is ignored and in many cases blatantly disregarded. The Yahoo case is inferior to the Verizon data transgressions that have been reported in this year alone. It is so nice to read on how the health industry is hit by organised crime, yet the amount of theft from their own systems is a lot less reported on. I find most amusing the text that the Verizon Data Breach Investigation Report shows: “Yes. Our vulnerability management solutions identify and fix architectural flaws in POS and other patientfacing systems“, “Yes. Our identity and access management solutions prevent the use of weak passwords, the main cause of data breaches in the healthcare industry” and “Yes. Our intrusion detection and threat-management solutions help detect and mitigate breaches more quickly, limiting the damage caused” (at http://www.verizonenterprise.com/resources/factsheet/fs_organized-crime-drives-data-theft-in-the-healthcare-industry_en_xg2.pdf), I reckon that a massive overhaul of their own systems has a slightly higher priority at present. In addition there is no information on how secure the Verizon Data Cloud is. It doesn’t matter who provides it (as I see it), and I reckon we see that iteration hit the news the moment we learn that the UK Ministry of Defence Cloud gets tweaked to another server that is not under their control. It is important to realise that I am NOT scaremongering, the issue is that too many players have kept the people and corporations in the dark regarding monitoring options, intrusion detection and countermeasures, with the cloud, any successful intrusion has the real danger that the data hack is more complete and a lot larger in data loss. Moreover, Microsoft and Microsoft employees have one priority, Microsoft! Consider that any Microsoft employee might not be as forthcoming with Cyber transgressions, no matter what agreed upon. After the agreement, any internal memo could sidestep a reportable transgression. It is a reality of corporate life. In this, until the proper military staff members get trained, the Ministry of Defence (read: as well as GCHQ to some extent) will be catching up through near inhumane levels of required training, which gets the Ministry burnout issues soon enough.

Hackers

No matter how small, these attacks (yes plural) required serious hardware and access to tools that are not readily available. So whomever involved, they are either organised crime, or people connected to people with serious cash. This all gets us a different picture. I am not stating that some hackers work for reasons other than ideological. The rent in mum’s basement and hardware needs to be paid for, if not that, than the electricity bill that will be in excess of $130 a month. It might be trivial to mention, yet these little things add up. Hardware, electricity, storage, it gives the rising need of a sponsor for these hackers. There is no way to tell whether this is ideological (to show it can be done), technological (selling the flaws back to the makers of the solution), or criminal (to sell the acquired data to a competitor or exploiter). We can assume or speculate, but in reality, without additional evidence it is merely a waste of words.

So even if we know the name of the sponsor, this hopefully shows that the need to divulging information on data transgression has been way too light. In the past there was a ‘clarity’ that it was onto the firm to give out, but as they seemingly see it as a hazard to their wealth, too many victims are kept in the dark and as such, the financial danger to those victims is rising in an unbalanced way. If you would doubt my words, consider the article at http://www.geek.com/games/sony-psn-hack-is-only-the-4th-largest-data-breach-of-all-time-1390855/, which was set in June 2009. Geek is not the news cycle you might desire, but the summary is fine and confirmable. The hack to the Heartland Payment Systems January 20th, 2009 might be one of the more serious ones, the 130 million records was more complete and could have a more devastating effect on the US population then most others. From my point of view, a massive shift to proactive data security should have been law no later than 2010, I think that we can safely say that this never happened to the extent required, which is another nice failure of the political parties at large and as such, this could get a lot uglier soon enough. The article also shows a massive Sony failing as there have been 6 large breaches in 2011 alone, so the Sony hack of 2012 shows to be a continuing story of a digital firm who cannot get their act together. That was never in question, in combination with the latest revelations, there is the added pressures that this cannot be allowed to continue and these firms need to start being held criminally negligible for transgressions on their systems. Just like in torts regarding trespass, it should be actionable perse. In addition, the hackers should be held in that same way, with the bounty changed to no less than double digit jail with no option for parole. The mere realisation that there is a high price for these transgressions might be the only way to stop this and in this age should not be a distinguishing factor, so any teenager hoping for an adventure with a nice pay package could end up not getting laid until they turn 30. The last part is unlikely to be a reality ever, but the fact that this is where we should have been going needs to be stated, for the mere reason that a shown failure of nearly a decade is no longer an option to ignore, not when the stakes are getting to be this high.

Leave a comment

Filed under IT, Law, Military, Politics

Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force, in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back, to be a little more precise we need to turn to the moment 645 days ago when we read that Sony got hacked, it got hacked by none other than North Korea. It took me around an hour to stop laughing, the stomach cramps from laughter are still on my mind when I think back to that day. By the way, apart from me having degrees in this field. People a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse. The list of sceptics as well as prominent names from the actual hacking world, they all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions“. I am pretty sure that the FBI did not expect that this would bite them down the track. This all whilst they rejected the alternate hack theory that Cyber Intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more possible then the claim that some made. Another claim to have a giggle at came from Homeland Security, the quote was “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life“, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons. The Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data). The subtitle gives us “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile worldly infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“, you see, here we see part of the fun that will now escalate.

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this, take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When  the accused nation has 28 websites, it is, I agree not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North-Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear given that the cyber branch of your organisations are not up to scrap. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting and learn a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that due to North Korean ‘expertise’, plenty of people will be asking questions. The time requirement to get the data that got taken was not something that happened overnight. For the simple reason that that much data would have lit up an internet backbone and ever log alarm would have been ringing. The statement that the FBI made “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government” was laughable because of those pictures where we saw the Korean high-command behind a desktop system with a North Korean President sitting behind what is a mere desktop that has the computation equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull of the Sony caper you need stimulation, like a student would get at places like MIT, Stanford, or UTS. Peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have hardware and challenging people and equipment that could offer it, but North Korea does not have any of that. The entire visibility as you would see from those 28 domains would have required to be of much higher sophistication. You see, for a hacker, there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when in 2012 in Pyongyang I believe, a press bus took a wrong turn. When some reporters mentioned on how a North Korean (military I believe) had no clue on smartphones. I remember seeing it on the Dutch NOS News program. The level of interaction and ignorance within a military structure could not be maintained as such the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing, the fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to on the wrongful domain settings, which is essential in regards to the entire hacking side. The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this last but not least to those who prototype hacking solutions, as they need serious bandwidth to test how invisible they are (especially regarding streaming of Terabytes of Sony data), all these issues are surfacing from this mere article that the Guardian might have placed for entertainment value to news, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog ““It’s important to note this isn’t the domain name system for the internal intranet,” Williams wrote. “That isn’t accessible from the internet in any way.”” which is true to some extent. In that case take a look to the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds“, yes, I agree you do not get that much info from that, but it gives us to some extent usage, you see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings on intranet level have been missed, giving the ‘visitor’ options to a lot more information than most would expect. Another matter that the press missed (a few times), no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/), data needs to get from point to point, usually via a router, so the routers before it gets to North Korea, what were those addresses, how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. The fact that in January 2015 Sony gave the following statement “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“, I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server, to monitor all data traffic, giving indication that not only a weird way was used to get to the data (I speculated on an option that required it to be an inside job), yet more important, the fact that access had not been identified, meaning it was secured gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘ if threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get the threats to be a true unknown. That is at play then and it is still now. So if servers were compromised, Sony would need a better monitoring system. It’s my personal belief (and highly speculative) that Sony, like many other large companies have been cutting corners so certain checks and balances are not there, which makes a little sense in case of Sony with all those new expansions corners were possibly cut and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing exactly as incapable as I thought it was and there is a score of Cyber specialists, many of them a lot bigger then I will ever become stating the same. I am not convinced it was that simple to begin with, for one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, yet the expert levels were not on par so plenty of data would have been in danger of breaching. The question I had then and have now a lot louder is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be“. That is now truly a question that matters! Because if there is any truth to that speculation, than the question becomes how secure is your personal data an how unaware are the system controllers of those cloud servers? The question not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’ who can be trusted to get the people properly informed? Over the next days as we see how one element (the 28 sites) give more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their Cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea, especially in light of the official response towards cyber security firm Norse what was going on.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites are no indication of Intranet or cybersecurity skills, they are indicative, when a nation has less websites than some third world villages, or their schools have. It is time to ask a few very serious questions, because skills only remain so through training and the infrastructure to test and to train incursions on a WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation, it makes even less sense.

Finally one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘the Interview’ to become a complete flop. You know that movie that ran in the US in 581 theatres and made globally $11,305,175 (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?

 

Leave a comment

Filed under IT, Media, Military, Politics, Science

What news is news?

There are several pieces, not just in the Guardian, the BBC, the Independent or the Times. They all tell us that they have news, but do they have any actual news? The Guardian shows us a tech article (in the Tech section) called: ‘the node pole: inside Facebook’s Swedish hub near the Arctic Circle‘, all innocent news, one could surmise that it is just a space filler. Or was it done to give extra view to the article ‘Facebook is making more and more money from you. Should you be paid for it?‘, or perhaps to give extra light to ‘Facebook case may force European firms to change data storage practices‘, which I gave my views on in my previous blog. You decide!

In the business section we see VW to get some centre stage, which makes perfect sense and that is just the Guardian. The independent also has a go at Facebook, but now has a go at its users, well, actually it is not the Independent, but the employee tribunal. Now the article shows all kind of signs of bullying, which is never OK and in that regard Rachael Roberts has a real case, but in light of the events, Mrs Bird does not seem to be a friend of Mrs Roberts, so why is the act of unfriending on Facebook the killer? Yet it is the quote “But employment lawyer Josh Bornstein told ABC news the unfriending incident was found to be workplace bullying in the context of several other issues“, which baffles me, if they are not friends, one or the other could unfriend the other party, that part seems clear cut to me, not bullying. So out of the 18 allegations of bullying in total, the unfriending in Facebook took the cake? It does not add up to me!

In addition we see two whole articles on Facebook being down and oh yes, the new iPhone is for sale! Let’s not forget the fact that the iPhone now allows for sextracking. So, parents buy your boy or girl on of these bad boys so you can find new ways on how you are about to become a grandparent! Really? You need to keep scores on your phone now? Didn’t Ashley Maddison teach you anything regarding sex that is on the internet, everyone will know soon thereafter?

Finally they also gave visibility to ‘Hospital apologises for removing RAF sergeant from A&E because uniform could ‘upset’ patients‘, which is a can of worms in its own right. In that light I expect the NHS to move all drug and binge drink casualties to their basement as not to invoke bad thoughts from the Presbyterian community. How insane was the idea to move a wounded RAF sergeant in the first place!

All these events, some are actually news, but no one seems to have any balls. No one is looking at Pricewaterhouse Coopers. Which of course ties in nicely with the words of the Dalai Lama ‘Dalai Lama on Britain’s policy towards China: ‘Where is morality?’’, the answer might not be such a high moral one, it goes a little like “Who is willing to suck the smallest extremity for the good of one’s career?

To some extent we can accept that the SFO is silent, only to the smallest extent. You see Tesco is dealing with a write-off of £6.4bn, which of course is massive. We have seen all the news on how some former Tesco entities are getting grilled (as they should) but the press on many levels in many nations keep on rehashing the old news and no one is digging into PwC. No one is digging there. Does that not sound awfully weird? Yet here is the kicker, we see more and more messages like ‘Multinational tax avoiders targeted’, with quotes like “while the American Chamber of Commerce in Australia warned about throwing up new hurdles in what is already a high-cost economy. The chamber’s board includes representatives from ConocoPhillips, GE, Boeing, PwC and Exxon Mobile“, yes it seems it is never a good time to go after tax avoiders (not to mention the impact it has on the bonus benefits for those working in that part of the financial branch).

Before you whisk this away as mere banter (which you are of course allowed to do), take a look at this article that is a little over a week old. It is from the Wall Street Journal, which I do not look into too often. The article (at http://blogs.wsj.com/cio/2015/09/15/the-morning-download-identity-theft-key-to-attack-on-cisco-routers/) called ‘The Morning Download: Identity Theft Key to Attack on Cisco Routers‘, starts with: “Good morning. The international attacks on Cisco Systems Inc. routers, disclosed earlier today by security firm FireEye Inc.’s Mandiant unit, began with the theft of legitimate network credentials. Securing and managing the identity of network users continues to be a massive challenge for CIOs and CISOs and ultimately, the CEO and the board. The attacks have been named ‘SYNful’ because of how the malicious software moves across routers using their syndication functions “Cisco said SYNful did not take advantage of any vulnerability in its own software. Instead it stole valid network administration credentials from organizations targeted in the attacks or by gaining physical access to their routers,” Reuters reports today. Mandiant said in a blog post that it had found 14 instances of router implants, which replace Cisco’s operating system

Now, to complement that statement, I will add the following. On June 5th (more than 3 months before the WSJ article), I wrote ‘In reference to the router‘ (at https://lawlordtobe.com/2015/06/05/in-reference-to-the-router/) , here I stated: “Soon thereafter no more firewall, no more routers, just the bliss of cloud servers and data, so much data!“, which reflected on the article I wrote on February 8th (more than 7 months before the WSJ), there I wrote “I think that ‘hackers’ have created a new level (as I mentioned before). I think that Cisco IOS was invisibly patched“, (at https://lawlordtobe.com/2015/02/08/the-next-cyber-wave/). I was literally accused by some to be insane, there was no way that this would EVER happen. Now we see in the Wall Street Journal: “Mandiant said in a blog post that it had found 14 instances of router implants, which replace Cisco’s operating system“, interesting how I am now proven correct. Are the members of the Baboon family (usually found in the FBI) reconsidering their North-Korean option? Let’s face it, this took top level skills, we can (as I pointed out in the past) find those boffins in the US, UK, FR, the FSB and Chinese Intelligence, however in North Korea not that much!

The Reuters article shows a lot more (at http://www.reuters.com/article/2015/09/16/us-cybersecurity-routers-cisco-systems-idUSKCN0RF0N420150916), however, they are just rehashing something I stated for almost a year, the quote ““That feat is only able to be obtained by a handful of nation-state actors,” DeWalt said, while declining to name which countries he suspected might be behind the Cisco router attacks” adds to my view that I was correct all along (finally another ‘I told you so!’ opportunity). The only difference is, is that DeWalt includes Israel, I have no real quality data on the Israeli cyber capabilities, so I am willing to give him that one. Finally we should consider the quote “Infected hardware devices include Cisco routers 1841, 2811 and 3825“, which is fair enough, yet in my article I offer the option that the CF unit found in nearly EVERY router could also open doors, so the danger could in theory go far beyond those three routers.

I also stated that my thoughts were based on sound speculation. You might wonder what sound speculation is. Basically, it means that even as I might not have them skills to program, I do understand that my solution is viable, the fact that routers are getting programmed with a new OS is clear evidence of that. In addition, it also gives weight to two infestation systems I speculated on as well as the weakness that those believing in the cloud are not realising at present. I was willing to look beyond the veil, a side everyone ignored. Yet when a router can be reprogrammed to the extent it was, also clearly means that data in motion is no longer safe, which means that pretty much any cloud data can be gotten too, the user only has to access the file to make that happen.

I even had a thought on dealing with the Iranian glow in the dark power plants when the time is there, just by thinking out of the box. It does involve a Piranha valve (which actually already exists in name, but mine is so much cooler). None of this is newsworthy, speculative opinion one might state. Yet in my speculation, I have shown solutions to be real in several occasions and in addition to that I also clearly outlined long before the press decided to show the minimalistic amount of balls (read testicles), that a look into Pricewaterhouse Coopers was adamant. It seems that apart from a December 2014 message from the SFO (rehashed by nearly all papers) not much happened, apart from that news, the press at large stayed clear of mentioning PwC and Tesco in one sentence. Is that not utterly weird?

Of course the luggage of someone’s mum in Tenerife (shipping at £122) gets front seat exposure, yet, the issue on £6.4bn getting lost due to assistance (better stated too weak opposition) by Pricewaterhouse Coopers seems too trivial to keep pressure on. Way to go Consumer Champions, Money! I actually mean that! They did do a good job and they have done so in the past, yet I fear that a letter by Dave Lewis on how his firm lost £6.4bn as the keeper of his books was not prudent, or is that tenacious enough to ring that bell very loudly when things looked too odd. Will Consumer Champions find that money? Will they write “Pricewaterhouse Coopers must accept responsibility for the signing off on books as the “accountant”?” Consumer Champions might not get this done, which is fair enough. It should not be on their plate, but the parties this should be very visible on are also not doing anything as far as we can tell, they remain silent, they remain this silent after 9 months.

Yet in all this there is one part both the Guardian and the Independent are getting right. It is the news on the NHS, there are massive problems and knowing them all is essential in finding a solution. In this matter the press has played a good role. In my view exposing former and current politicians a little more on the political game they play, so that we all understand that a proper solution is needed and taking the politicians out of that equation might not be the worst idea, the end result stays the same, the NHS is now too close on the edge of collapse to be acceptable, yet where lies the solution? Although I understand the issue the Independent shows, I partially disagree. The headline ‘New NHS junior doctor contract would discriminate against women, senior medics warn‘ is not incorrect (at http://www.independent.co.uk/life-style/health-and-families/health-news/new-nhs-junior-doctor-contract-would-discriminate-against-women-senior-medics-warn-10516885.html), yet in all fairness, the quote “Under the new contract, trainees who decide to work part-time would see their pay increase more slowly than their colleagues” is a can of worms! Why would my co-worker doing 32 hours get the same raise as myself working 60 hours? (Remember, I am not a doctor). A choice was made! Yet, there is a level of fairness here too. Which means that to tackle it should be done in another way. Even as there is a shortage, the burnout of physicians is a known issue and making a maximum of 40 hours a week a mandatory status could be close to the only solution. Perhaps we have been too indulged, perhaps some options should only be there during the week. Perhaps the change to healthcare is essential (like hiring 40% more staff), but we also accept that at current not one government remains to afford that change (well perhaps Easter Island where there are less than 10 doctors). In the end the system has been ignored for too long. Too many politicians are on the ‘let’s get the computers up and running‘ whilst they know that staff will remains a problem for a long time.

That is news! That is what matters, but too many papers and too many news broadcasts are about the emotions and not the actual news that matters. That might be an incorrect view and a very biased view. It might be that some news is more important than other news parts, I will instantly agree, yet in all that the complete silence from pretty much all the papers regarding Tesco and some involved book keeping parties remains a mystery to me, how is that part not news? We will see more events that will not get the proper light in newspapers, both in paper as well as online, I’ll let you decide how that measurement applies to an involved party to events that started a £6.4bn downgrade.

 

Leave a comment

Filed under Finance, IT, Law, Media, Politics, Science