Tag Archives: North-Korea

Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force, in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back, to be a little more precise we need to turn to the moment 645 days ago when we read that Sony got hacked, it got hacked by none other than North Korea. It took me around an hour to stop laughing, the stomach cramps from laughter are still on my mind when I think back to that day. By the way, apart from me having degrees in this field, people a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse, the list of sceptics as well as prominent names from the actual hacking world, they all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions”. I am pretty sure that the FBI did not expect that this would bite them down the track. This all whilst they rejected the alternate hack theory that Cyber Intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more possible than the claim that some made. Another claim to have a giggle at came from Homeland Security, the quote was “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life”, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons. The Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data). The subtitle gives us “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile worldly infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“, you see, here we see part of the fun that will now escalate.

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this, take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When the accused nation has 28 websites, it is, I agree, not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North-Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear given that the cyber branch of your organisations are not up to scratch. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting and learning a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that due to North Korean ‘expertise’, plenty of people will be asking questions. The time requirement to get the data that got taken was not something that happened overnight. For the simple reason that that much data would have lit up an internet backbone and every log alarm would have been ringing. The statement that the FBI made “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government” was laughable because of those pictures where we saw the Korean high-command behind a desktop system with a North Korean President sitting behind what is a mere desktop that has the computation equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull off the Sony caper you need stimulation, like a student would get at places like MIT, Stanford, or UTS. Peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have hardware and challenging people and equipment that could offer it, but North Korea does not have any of that. The entire visibility as you would see from those 28 domains would have required to be of much higher sophistication. You see, for a hacker, there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when in 2012 in Pyongyang I believe, a press bus took a wrong turn. When some reporters mentioned on how a North Korean (military I believe) had no clue on smartphones. I remember seeing it on the Dutch NOS News program. The level of interaction and ignorance within a military structure could not be maintained as such the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing, the fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to on the wrongful domain settings, which is essential in regards to the entire hacking side.
The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this. Last but not least, to those who prototype hacking solutions, as they need serious bandwidth to test how invisible they are (especially regarding streaming of Terabytes of Sony data), all these issues are surfacing from this mere article that the Guardian might have placed for entertainment value to news, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog ““It’s important to note this isn’t the domain name system for the internal intranet,” Williams wrote. “That isn’t accessible from the internet in any way.”” which is true to some extent. In that case take a look at the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds”, yes, I agree you do not get that much info from that, but it gives us to some extent usage, you see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings on intranet level have been missed, giving the ‘visitor’ options to a lot more information than most would expect. Another matter that the press missed (a few times), no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/), data needs to get from point to point, usually via a router, so the routers before it gets to North Korea, what were those addresses, how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. The fact that in January 2015 Sony gave the following statement “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“, I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server, to monitor all data traffic, giving indication that not only a weird way was used to get to the data (I speculated on an option that required it to be an inside job), yet more important, the fact that access had not been identified, meaning it was secured gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘ if threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get the threats to be a true unknown. That is at play then and it is still now. So if servers were compromised, Sony would need a better monitoring system. 
It’s my personal belief (and highly speculative) that Sony, like many other large companies, has been cutting corners so certain checks and balances are not there, which makes a little sense in case of Sony with all those new expansions corners were possibly cut and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing exactly as incapable as I thought it was and there is a score of Cyber specialists, many of them a lot bigger than I will ever become stating the same. I am not convinced it was that simple to begin with, for one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, yet the expert levels were not on par so plenty of data would have been in danger of breaching. The question I had then and have now a lot louder is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be”. That is now truly a question that matters! Because if there is any truth to that speculation, then the question becomes how secure is your personal data and how unaware are the system controllers of those cloud servers? The question not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’ who can be trusted to get the people properly informed? Over the next days as we see how one element (the 28 sites) gives more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their Cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea, especially in light of the official response towards cyber security firm Norse what was going on.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites are no indication of Intranet or cybersecurity skills, they are indicative, when a nation has less websites than some third world villages, or their schools have. It is time to ask a few very serious questions, because skills only remain so through training and the infrastructure to test and to train incursions on a WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation, it makes even less sense.

Finally one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘the Interview’ from becoming a complete flop. You know that movie that ran in the US in 581 theatres and made globally $11,305,175 (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?

 


What news is news?

There are several pieces, not just in the Guardian, the BBC, the Independent or the Times. They all tell us that they have news, but do they have any actual news? The Guardian shows us a tech article (in the Tech section) called: ‘the node pole: inside Facebook’s Swedish hub near the Arctic Circle‘, all innocent news, one could surmise that it is just a space filler. Or was it done to give extra view to the article ‘Facebook is making more and more money from you. Should you be paid for it?‘, or perhaps to give extra light to ‘Facebook case may force European firms to change data storage practices‘, which I gave my views on in my previous blog. You decide!

In the business section we see VW to get some centre stage, which makes perfect sense and that is just the Guardian. The Independent also has a go at Facebook, but now has a go at its users, well, actually it is not the Independent, but the employee tribunal. Now the article shows all kinds of signs of bullying, which is never OK and in that regard Rachael Roberts has a real case, but in light of the events, Mrs Bird does not seem to be a friend of Mrs Roberts, so why is the act of unfriending on Facebook the killer? Yet it is the quote “But employment lawyer Josh Bornstein told ABC news the unfriending incident was found to be workplace bullying in the context of several other issues”, which baffles me, if they are not friends, one or the other could unfriend the other party, that part seems clear cut to me, not bullying. So out of the 18 allegations of bullying in total, the unfriending in Facebook took the cake? It does not add up to me!

In addition we see two whole articles on Facebook being down and oh yes, the new iPhone is for sale! Let’s not forget the fact that the iPhone now allows for sextracking. So, parents buy your boy or girl one of these bad boys so you can find new ways on how you are about to become a grandparent! Really? You need to keep scores on your phone now? Didn’t Ashley Madison teach you anything regarding sex that is on the internet, everyone will know soon thereafter?

Finally they also gave visibility to ‘Hospital apologises for removing RAF sergeant from A&E because uniform could ‘upset’ patients‘, which is a can of worms in its own right. In that light I expect the NHS to move all drug and binge drink casualties to their basement as not to invoke bad thoughts from the Presbyterian community. How insane was the idea to move a wounded RAF sergeant in the first place!

All these events, some are actually news, but no one seems to have any balls. No one is looking at Pricewaterhouse Coopers. Which of course ties in nicely with the words of the Dalai Lama ‘Dalai Lama on Britain’s policy towards China: ‘Where is morality?’’, the answer might not be such a high moral one, it goes a little like “Who is willing to suck the smallest extremity for the good of one’s career?”

To some extent we can accept that the SFO is silent, only to the smallest extent. You see Tesco is dealing with a write-off of £6.4bn, which of course is massive. We have seen all the news on how some former Tesco entities are getting grilled (as they should) but the press on many levels in many nations keep on rehashing the old news and no one is digging into PwC. No one is digging there. Does that not sound awfully weird? Yet here is the kicker, we see more and more messages like ‘Multinational tax avoiders targeted’, with quotes like “while the American Chamber of Commerce in Australia warned about throwing up new hurdles in what is already a high-cost economy. The chamber’s board includes representatives from ConocoPhillips, GE, Boeing, PwC and Exxon Mobile“, yes it seems it is never a good time to go after tax avoiders (not to mention the impact it has on the bonus benefits for those working in that part of the financial branch).

Before you whisk this away as mere banter (which you are of course allowed to do), take a look at this article that is a little over a week old. It is from the Wall Street Journal, which I do not look into too often. The article (at http://blogs.wsj.com/cio/2015/09/15/the-morning-download-identity-theft-key-to-attack-on-cisco-routers/) called ‘The Morning Download: Identity Theft Key to Attack on Cisco Routers‘, starts with: “Good morning. The international attacks on Cisco Systems Inc. routers, disclosed earlier today by security firm FireEye Inc.’s Mandiant unit, began with the theft of legitimate network credentials. Securing and managing the identity of network users continues to be a massive challenge for CIOs and CISOs and ultimately, the CEO and the board. The attacks have been named ‘SYNful’ because of how the malicious software moves across routers using their syndication functions “Cisco said SYNful did not take advantage of any vulnerability in its own software. Instead it stole valid network administration credentials from organizations targeted in the attacks or by gaining physical access to their routers,” Reuters reports today. Mandiant said in a blog post that it had found 14 instances of router implants, which replace Cisco’s operating system

Now, to complement that statement, I will add the following. On June 5th (more than 3 months before the WSJ article), I wrote ‘In reference to the router’ (at https://lawlordtobe.com/2015/06/05/in-reference-to-the-router/), here I stated: “Soon thereafter no more firewall, no more routers, just the bliss of cloud servers and data, so much data!”, which reflected on the article I wrote on February 8th (more than 7 months before the WSJ), there I wrote “I think that ‘hackers’ have created a new level (as I mentioned before). I think that Cisco IOS was invisibly patched”, (at https://lawlordtobe.com/2015/02/08/the-next-cyber-wave/). I was literally accused by some to be insane, there was no way that this would EVER happen. Now we see in the Wall Street Journal: “Mandiant said in a blog post that it had found 14 instances of router implants, which replace Cisco’s operating system”, interesting how I am now proven correct. Are the members of the Baboon family (usually found in the FBI) reconsidering their North-Korean option? Let’s face it, this took top level skills, we can (as I pointed out in the past) find those boffins in the US, UK, FR, the FSB and Chinese Intelligence, however in North Korea not that much!

The Reuters article shows a lot more (at http://www.reuters.com/article/2015/09/16/us-cybersecurity-routers-cisco-systems-idUSKCN0RF0N420150916), however, they are just rehashing something I stated for almost a year, the quote ““That feat is only able to be obtained by a handful of nation-state actors,” DeWalt said, while declining to name which countries he suspected might be behind the Cisco router attacks” adds to my view that I was correct all along (finally another ‘I told you so!’ opportunity). The only difference is, is that DeWalt includes Israel, I have no real quality data on the Israeli cyber capabilities, so I am willing to give him that one. Finally we should consider the quote “Infected hardware devices include Cisco routers 1841, 2811 and 3825“, which is fair enough, yet in my article I offer the option that the CF unit found in nearly EVERY router could also open doors, so the danger could in theory go far beyond those three routers.

I also stated that my thoughts were based on sound speculation. You might wonder what sound speculation is. Basically, it means that even as I might not have them skills to program, I do understand that my solution is viable, the fact that routers are getting programmed with a new OS is clear evidence of that. In addition, it also gives weight to two infestation systems I speculated on as well as the weakness that those believing in the cloud are not realising at present. I was willing to look beyond the veil, a side everyone ignored. Yet when a router can be reprogrammed to the extent it was, also clearly means that data in motion is no longer safe, which means that pretty much any cloud data can be gotten to, the user only has to access the file to make that happen.

I even had a thought on dealing with the Iranian glow in the dark power plants when the time is there, just by thinking out of the box. It does involve a Piranha valve (which actually already exists in name, but mine is so much cooler). None of this is newsworthy, speculative opinion one might state. Yet in my speculation, I have shown solutions to be real in several occasions and in addition to that I also clearly outlined long before the press decided to show the minimalistic amount of balls (read testicles), that a look into Pricewaterhouse Coopers was adamant. It seems that apart from a December 2014 message from the SFO (rehashed by nearly all papers) not much happened, apart from that news, the press at large stayed clear of mentioning PwC and Tesco in one sentence. Is that not utterly weird?

Of course the luggage of someone’s mum in Tenerife (shipping at £122) gets front seat exposure, yet, the issue on £6.4bn getting lost due to assistance (better stated too weak opposition) by Pricewaterhouse Coopers seems too trivial to keep pressure on. Way to go Consumer Champions, Money! I actually mean that! They did do a good job and they have done so in the past, yet I fear that a letter by Dave Lewis on how his firm lost £6.4bn as the keeper of his books was not prudent, or is that tenacious enough to ring that bell very loudly when things looked too odd. Will Consumer Champions find that money? Will they write “Pricewaterhouse Coopers must accept responsibility for the signing off on books as the “accountant”?” Consumer Champions might not get this done, which is fair enough. It should not be on their plate, but the parties this should be very visible on are also not doing anything as far as we can tell, they remain silent, they remain this silent after 9 months.

Yet in all this there is one part both the Guardian and the Independent are getting right. It is the news on the NHS, there are massive problems and knowing them all is essential in finding a solution. In this matter the press has played a good role. In my view exposing former and current politicians a little more on the political game they play, so that we all understand that a proper solution is needed and taking the politicians out of that equation might not be the worst idea, the end result stays the same, the NHS is now too close on the edge of collapse to be acceptable, yet where lies the solution? Although I understand the issue the Independent shows, I partially disagree. The headline ‘New NHS junior doctor contract would discriminate against women, senior medics warn‘ is not incorrect (at http://www.independent.co.uk/life-style/health-and-families/health-news/new-nhs-junior-doctor-contract-would-discriminate-against-women-senior-medics-warn-10516885.html), yet in all fairness, the quote “Under the new contract, trainees who decide to work part-time would see their pay increase more slowly than their colleagues” is a can of worms! Why would my co-worker doing 32 hours get the same raise as myself working 60 hours? (Remember, I am not a doctor). A choice was made! Yet, there is a level of fairness here too. Which means that to tackle it should be done in another way. Even as there is a shortage, the burnout of physicians is a known issue and making a maximum of 40 hours a week a mandatory status could be close to the only solution. Perhaps we have been too indulged, perhaps some options should only be there during the week. Perhaps the change to healthcare is essential (like hiring 40% more staff), but we also accept that at current not one government remains to afford that change (well perhaps Easter Island where there are less than 10 doctors). In the end the system has been ignored for too long. 
Too many politicians are on the ‘let’s get the computers up and running’ whilst they know that staff will remain a problem for a long time.

That is news! That is what matters, but too many papers and too many news broadcasts are about the emotions and not the actual news that matters. That might be an incorrect view and a very biased view. It might be that some news is more important than other news parts, I will instantly agree, yet in all that the complete silence from pretty much all the papers regarding Tesco and some involved book keeping parties remains a mystery to me, how is that part not news? We will see more events that will not get the proper light in newspapers, both in paper as well as online, I’ll let you decide how that measurement applies to an involved party to events that started a £6.4bn downgrade.

 


In reference to the router

Is this a case of Mythopoeia? Am I the JRR Tolkien of bloggers (I wish) and writer of facts by a non-journalist? It might be. You see, this is all about a mythological theme that is constant as war is, because war never changes! Its concept and construct is as old as the first ‘soldier’ who combined a flint and a stick and started to spear people. In this mindset it is all about the other person, an archaic approach to the issue that does not lie beneath, it’s in front of the person not seeing what is right in front of him/her.

It is also the first evidence that we consider the concept ‘old soldiers never die, they simply fade away’ to be no longer a genuine consideration. In this day and age, the old soldier gets his/her references deleted from the database of considerations. We remain with nothing more than an old person that cannot connect or interact, the router won’t let him/her!

This is how it begins, this is about certain events that just occurred, but I will specify this momentarily, you see, it goes back to an issue that Sony remembers rather well: they got hacked. It was a long and hard task to get into that place Login=BigBossKazuoHirai; Password=WhereDreamsComeTrue;

Soon thereafter no more firewall, no more routers, just the bliss of cloud servers and data, so much data! The people behind it were clever, and soon it was gone and the blame fell to the one nation that does not even have the bandwidth to get 10% past anything. Yes, North Korea got blamed and got fingered and in all that the FBI and other spokespeople gave the notion that it was North Korea. The people who understand the world of data know better, it was the only player less than least likely to get it done, the knowhow and the infrastructure just isn’t there. I did have a theory on how it was done and I published that on February 8th 2015 (at https://lawlordtobe.com/2015/02/08/the-next-cyber-wave/) in the article called ‘The next cyber wave’. It is only a theory, but it is a lot more reliable and likely than a North Korean incursion because of a movie no one cares about.

The FBI has plenty of achievements (FIFA being the latest one), but within the FBI there is a weakness, not a failing, but a weakness. Because the US has such a niche setup for NSA, CIA and other Intel officers, their offices are for the most still archaic when it comes to the digital era. They go to all the events, spend millions on courses and keep up to date, but for the most, these people are following a wave that is one generation old, they follow, they do not lead. The entire Edward Snowden issue is clear evidence. I remain to regard him a joke, not a hacker, so far he is just placed on a pedestal by the press, who have created something unreal and whatever they do not to change it, it will only cut themselves. That is the fall-back of creating an artificial hero who isn’t one.

Yet, this is not about Snowden, he is only an element. Now we get to the concept of paleo-philosophy and how it hits government structures behind IT. This all started yesterday (at http://www.theguardian.com/technology/2015/jun/04/us-government-massive-data-breach-employee-records-security-clearances), where we see ‘OPM hack: China blamed for massive breach of US government data’. Now first of all, if one power can do this, then it is China! France, UK and a few others can do it too, but let’s just assume it is not an ally! Here is where the entire paleo-philosophy comes into play. You see, even though war remained constant, the players changed and for the most, it is no longer about governments. This is all about corporations. Even the movies are catching on, there is no true side to Russia or China as the enemy. Yes, their students might do it to impress their superiors/professors, but that would just be their defining moment. Ethan Hunt is not hunting a nation, it is now hunting conglomerates, large players who remain and require to be zero percent taxable. Those are the actual real enemies for the UK, the US and China. You see, I am not stating it was not China, I am only questioning the reasoning and other acts. You see, I tried to get an answer from State Secretary John Kerry at +1-202-647-9572, who does not seem to be answering the phone, neither is his right hand man, Jonathan J. Finer at +1-7234 202-647-8633. This is not a secret, the State Department has the PDF with office numbers, locations and phone numbers in an open PDF and you can Google the little sucker! In the age where loads of stuff is open the right person can combine tonnes of data in a moment’s notice.

So can the larger players! The quote in the beginning is the kicker “the impact of a massive data breach involving the agency that handles security clearances and US government employee records“, you see loads of this information is already with intelligence parts and counter parts. I reckon Beijing and Moscow had updated the records within the hour that the next record keeper moved into the office. Yet, now in 2015, as the engine starts up for the presidential elections of 2016, that data is important to plenty of non-governments, that part is not seen anywhere is it?

Then we get “A US law enforcement source told the Reuters news agency on Thursday night that a ‘foreign entity or government’ was believed to be behind the attack“, which is fair enough, so how was the jump made to China? You see, only 5 weeks ago, the Financial Review gave us “US Treasury pressures Tony Abbott to drop ‘Google tax’” (at http://www.afr.com/news/policy/tax/us-treasury-pressures-tony-abbott-to-drop-google-tax-20150428-1mu2sg). So as the Obama administration ‘vowed’ to crackdown on Tax avoidance, they are really not the player who wants to do anything to upset those luscious donators of pieces of currency paper (loads of currency paper), so a mere 6 months later the US, is trying to undo what they promised, whilst still trying to push the TPP papers through the throats of consumers everywhere, what an interesting web we weave!

You see, for the large corporation that list of who has access to papers, and his/her situation is worth gold today, for the Chinese a lot less so. Yet, I am not writing China off as a possible culprit! Let’s face it, they are not North Korea, which means that they do not need to power their router with a Philips 7424 Generator! So at this point, I would tend to agree with Chinese foreign ministry spokesman Hong Lei who branded the accusations “irresponsible and unscientific” at a news briefing on Friday.

Now we get to the quote that is central to the entire paleo-philosophy matters: “DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion”, first of all, I am not having a go at the DHS. I have done so in the past with good reason, but this is not that case. I think that in many areas government is not just falling behind, it started to fall behind in 2005 and has been falling behind ever since. Not just them though, organised large corporations like Sony, CVS Health, Valero Energy and Express Scripts Holding are only a few of the corporations that do not even realise the predicament they are in. The Deep Web is not just a place or a community, some of the players there have been organising and have been sharing and evolving that what they know. A massive pool of information, because Data is money, governments know it, corporations know it and THE HACKERS know it too. For them it is all relatively easy, they have been living and walking the cloud data with the greatest of ease, they can conflict data points and flood certain shared data hosts, only to achieve to get behind the corridor and remain invisible whilst the data is available at their leisure. In that environment the intelligence community is still trying to catch up with the basics (compared to where the hackers are). You see, whilst people in corporations and government are all about politics, those hackers were about mayhem and anarchy, now they are figuring out that these skills get them a wealthy and luxurious lifestyle and they like the idea of not having a degree whilst owning most of Malibu Drive, a 21st century Point Break, where the funds allow them to party all the time. Corporations got them into that thinking mode. So were the culprits ‘merely’ hackers or was it a foreign government? That is the question I am unable to answer with facts, but to point at China being likely is even less assuring. Consider who gains power with that data? This much data can be up for sale, it can be utilised. In the premise of both, China is not unlikely, but what is ‘more likely than not’ is also a matter, even though that question is less easily answered and without evidence (I have none) any answer should not be regarded as reliable!

Now we get to the quote “Embassy spokesman Zhu Haiquan said China had made great efforts to combat cyberattacks and that tracking such events conducted across borders was difficult” it is correct, it matters and it is to the point. In addition, we must accept that trackers can also be set on the wrong path, it is not easy, but it can be done, both the hackers and China have skills there, as do the NSA and GCHQ. Yet, in all that, with the Sony hack still fresh in memory, who did it, which is the interesting question, but WHY is more interesting. We tend to focus on clearances here, but what else was there? What if the OPM has health details? What is the value of health risk analyses of 4 million people? At $10 a month that is a quick and easy half a billion isn’t it?

You see, the final part is seen here: “DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion”. This is to be expected, but the intruders know this too, so how did they get past it all again? That is the issue, I gave in my earlier blog one possible solution, but that could only be done through the inside person, to be clear of that, someone did a similar thing in the cloud, or in the stream of data, in a way that it does not show. Perhaps a mere pressure of data in a shared cloud point is all it took to get past the security. How many data packets are lost? What intel is gained from there, perhaps it is just a pure replication of packets job, there is no proper way to monitor data in transit, not in cloudy conditions, so as we see that more data is ‘breached’ we all must wonder what the data holders, both government and non-government, are not ready for. It is the data of you and me that gets ‘sold’, who does it get sold to?

So as we see an article of a data hack and a photo of routers and wiring, which looks geeky and techy, was this in reference to the router? Or perhaps it is in reference to a reality many in charge are not ready to face any day soon, and in light of the upcoming US elections of 2016, some of these politicians definitely do not want to face it before 2017. Like the Google Tax, let the next person fix it!

A preferred political approach that will allow them to lose exclusivity of your data real fast!

 


When you BS the customer

I have had three issues on that matter, all in one week, so I reckon that I am slightly agitated in regards to projected presenters of misinformation with intent (also known as recruiters). If that was not enough, in the tech sector Verizon added to this with the article in the Guardian (at http://www.theguardian.com/technology/2015/apr/14/mobile-malware-report-verizon-smartphone-adnoyance). The article is interesting for more than one reason, so let’s get to it.

The title is a valid question as it states ‘Is mobile malware a lot of fuss over nothing?’, some will say yes, a lot more will say no. Yet, how much of an issue is mobile malware? That is in the end a valid question. Verizon, a telecom provider, goes for the ‘adnoyance’ key. They are depending on people relying on a provider as without it there is no phone, but is malware just the annoyance of advertisement? Many, including me, are not convinced.

One source (at http://securityxploded.com/demystifying-android-malware.php) gave us clear goods. The article is very ‘techie’, but also very clear, showing step by step the issue in play.

At step 8, we get the part where we see what is going on: “The application sends an SMS to the premium number 1066185829 with the text 921X1. In the background, it blocks any incoming delivery report from this number so that the victim does not get any response regarding the SMS that the application sends in the background. Also, the SMS is sent only once and never again so that the victim has no suspicion of what caused the SMS charges to be sent to him“, premium numbers are a lot more expensive, which could be around $0.75 for one SMS. Now many will not care, thinking it happened once. So what is the deal? Well, see what it amounts to when it is done a million times. We all funded one criminal $750,000 for being clever. When we go back to the beginning of the article we get “McAfee’s first quarter threat report [Reference 1] stated that with 6 million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history“. Now, not all of them were about money, advertisement annoyance is a chunk here, but the casual air of Verizon becomes slightly offensive, or so it should be when we consider that dozens of creative souls are trying to spike their bank account in this way.

Yet, the one-time loss of $0.75 is not really an issue for the consumers at large, but what is?

Now, I get back to the issue I illustrated a long time ago, when we suddenly got those issues with Facebook messenger, where you were giving it the right to record Audio. Before I continue, I must be fair to Facebook too and add an article here (at http://www.androidcentral.com/facebook-messenger-permissions-not-scary-stories-might-have-you-believe), it goes over many rights and it does try to suss a few issues (in a good way). There were however a few other issues, mainly connected to Facebook messenger draining the battery in massive ways. My issue here is that if it drains the battery, what is it using the energy for? Just to keep the mobile out of a sleep state?

Gizmodo (at http://gizmodo.com/facebooks-messenger-app-logs-way-more-data-than-you-rea-1633441673) gave us this: “Ever since Facebook first started pushing users over to its standalone messaging app (whether they liked it or not), there have been cries of outrage over what’s seemed like an inordinately large amount of required permissions. And while there’s still no indication that Facebook has any sort of bad intent, the company is collecting a startling cache of data, according to security researcher Jonathan Zdziarski“.

In addition we get “In an email, Zdziarski said that Messenger is logging practically everything a user might do within the app, from what and where they tap, to how often a device is held in portrait versus landscape orientation; even time spent in the Messenger app, versus the time it spends running in the background. … ‘[Facebook is] using some private APIs I didn’t even know were available inside the sandbox to be able to pull out your WiFi SSID (which could be used to snoop on which WiFi networks you’re connected to) and are even tapping the process list for various information on the device,’ he wrote in an email.“

Now, like Jonathan Zdziarski, I feel compelled to believe that Facebook is not doing anything wrong or illegal, but they are collecting huge amounts of data, by the way, when this is transmitted, will that be taken off your monthly data allowance? Seems to me that Verizon is downplaying the pressure on the monthly data allowance bill.

Now we get back to Brightcloud, who is giving us ‘Android Malware Exposed‘ (at http://www.brightcloud.com/pdf/Android-Malware-Exposed.pdf). The paper has a part on Spyware. On page 12, they state “Other types of threats are those that spy on you or steal your data. There are a number of apps that are the equivalent to commercial keyloggers found on PCs. These apps offer their services to ‘track’ your kids, spouse or employees. These behaviors are easy to incorporate into an app and this begins with the easy task of requesting the necessary permissions. For example, requesting ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, and READ_SMS will grant you access to SMS messages and GPS location“. This is the issue. It was not the $0.75, but the massive amounts of data that mobiles are working with nowadays. How long until these malware solutions get access to some of the larger collectors like Facebook? It is not that far a leap of suspicion is it?

In addition on that same page we see: “Threats which have used these spying techniques are NickySpy, Spitmo, GGTracker and GoldenEagle. NickySpy is interesting in that it utilizes the MediaRecorder() class to turn on the microphone and discretely record and save conversations to the SD Card. It is also able to send captured data to a remote server, although this functionality is not hard wired in. Below is a snippet of the function responsible for voice recording“. Now we get to the good part. The malware can be capturing events on audio without your consent and stream it. So, it was not just about the rights, it is about the ability that is unlocked to use. We focus on the big players like Facebook and Google, but we forget that data collecting is on the minds of governments, big corporations as well as organised crime and those into identity theft.
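The permission requests quoted above, and the SMS and microphone behaviour described earlier, can be checked for before an app is trusted. This is an added example, not code from the BrightCloud paper or from this post: it assumes the manifest has already been decoded to text XML (for example with apktool), and the two manifests and the second and third rules are constructed for illustration.

```python
"""Flag spyware-style permission sets in a decoded AndroidManifest.xml."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Rule 1 is the trio quoted from the paper. Rules 2 and 3 are assumptions added
# for illustration: the microphone recording and the premium-SMS behaviour
# described on this page, expressed as the permissions they would need.
RULES = [
    ("location and SMS reading",
     {P + "ACCESS_COARSE_LOCATION", P + "ACCESS_FINE_LOCATION", P + "READ_SMS"}),
    ("microphone capture with network access",
     {P + "RECORD_AUDIO", P + "INTERNET"}),
    ("send SMS and intercept incoming SMS",
     {P + "SEND_SMS", P + "RECEIVE_SMS"}),
]

# Constructed sample manifests (not taken from any real app).
FLASHLIGHT_OK = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Flashlight"/>
</manifest>"""

FLASHLIGHT_GREEDY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freeflashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application android:label="Free Flashlight"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest asks for."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms


def audit(manifest_xml):
    """Return the labels of every rule whose permissions are all requested."""
    perms = requested_permissions(manifest_xml)
    return [label for label, needed in RULES if needed <= perms]


if __name__ == "__main__":
    for title, xml_text in (("ok", FLASHLIGHT_OK), ("greedy", FLASHLIGHT_GREEDY)):
        print(title, "->", audit(xml_text) or "nothing flagged")
```

A hit is a reason to ask why the app needs that combination, not proof of malware: a messaging app legitimately requests several of these.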

There are millions of examples, and Verizon trivialised it as ‘adnoyance’. The truth (as I see it) is that there is an entire echelon of dangers that people remain (intentionally or not) oblivious to. One of the conclusions given in the article is “Trojans will continue to be bundled in repackaged APK’s and disguised as legitimate applications. With 900,000 daily Android activations worldwide, social-engineering tactics will continue to be used to trick users into installing malware“, so that friend you know that gave you the location of that free game, might in the end not be that good a friend. Unknown to him or not, that little freebie could be the start of your data going somewhere else.

Verizon might make light of an issue, as it does not harm them, but it harms their customers. Instead of heralding Common Smartphone Sense, by making sure that people only download from reputable sources (like Google Play Store), we see trivialisation. The added sentence ‘it’s unlikely to be the source of disastrous data breaches such as the Sony hack any time soon‘ adds to the failing of this article.

Malware is an issue, malware will continue to be an issue with added dangers over time and yes, Android (as an open platform) has a larger issue to deal with. Yet, Common Smartphone Sense could reduce the dangers by 80% which is a huge diminishment of the risk the user has. In addition ‘the company estimates that just 0.03% of mobile devices are infected with “higher grade” malicious code each week’, sounds like a small number, but that implies that it is well over 600,000 phones each week. This makes it a clear issue, not a minute part. In the end, we are at 2,000,000,000 smartphones on the planet, and as that group grows, then so will the desire from some to infect that realm with higher grade malware.

In addition, two days ago, the Business Insider (at http://www.businessinsider.com.au/thousands-of-people-can-do-sony-hack-2015-4) stated ““There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,” Miller told “60 Minutes.” He went on to explain that the technology used by the perpetrators of the Sony hack isn’t a custom-made program. Instead, Miller says it can be purchased online from Russian hackers for around $US30,000“, so if that is a fact, then how is North Korea still seen as the Cyber Boogieman? This issue is a lot bigger and the Smartphone is just adding to a Cyber world that is lacking security all over the place. Telecom operators will have to change the way they play the game, the moment that they are no longer seen as simple data provider through innocent dissemination. When the telecom companies are held to account, we will see a shift, one that will be a costly one for those who allowed massive amounts of data theft to remain unmonitored.

Verizon should be ashamed of itself!

 


The next cyber wave

The news is almost two weeks old. There was no real reason to not look at it, I just missed the initial article. It happens! This is also at the heart of the issue on more than one level. Consider the quotes “The first 13-week programme for Cyber London (CyLon) will kick off in April, with a group of startups drawn from industries including defence, retail, telecoms and health services” and “On the one hand, the government is keen to invest in cyber-security startups: witness chancellor George Osborne’s announcement that GCHQ is investing “£3bn over nine years into developing the next stage of national cyber intelligence”“. So is this just about getting your fingers on a slice of this yummy slice of income? You see, this issue skates on a problem that I (and many others too) saw: Common Cyber Sense existed, but the bulk of companies treated it as an overhyped requirement. Yes, those managers were always so nervous when they got introduced to ‘costs’. I reckon that the Sony hack will remain the driving force for some time, in addition several business units are more and more in need of some better up to date encryption, so this cyber wave is getting some decent visibility. So as we look at the title ‘Cyber London aims to make the UK a launchpad for cyber-security startups‘ (at http://www.theguardian.com/technology/2015/jan/28/cyber-london-accelerator-cyber-security-startups).

There is no denying that the call of 9,000 million is a strong one, especially in this economy. More important, as more companies are gripped by a decent amount of fear regarding their own future, this event will be at the foundation of several longer running projects and corporations. There is of course the question of what is real. That question becomes an issue when we see that even now, rumours still emerge on what happened in regards to who did the works on Sony and how it was done, especially in light that the article in Business Insider claims that the hackers still have access. The latter part will be speculated on by me later in this article.

For the most, the next cyber wave is a good thing, especially when thousands of data holders realise that their corporate future depends on keeping these systems decently safe. I use the term decently safe, because ‘complete’ safety is not something that is achievable, not on budget levels that many depend upon. Yes, security can be better and a lot of companies will invest, they will raise the threshold of many companies, yet will they raise it enough? That is at the foundation of what is about to come.

I predict that these startups are all about consultancy and some will offer products, some on safety and some on encryption. Encryption will be the next big thing, the question becomes how will encryption be properly managed? There are plenty of people who enthusiastically encrypt files and after that forget the password. So what then, all data lost? So, you see that clever solutions are needed, which will bring forth a new wave of solutions, new barriers and new bottlenecks. I wonder if these new startup firms have considered a training division, not one that is all about ‘their’ solutions and ‘their’ products, but all about raising proper awareness for Common Cyber Sense.

Training that is meant to give long term knowledge to people working at a firm as well as setting a proper initiation of knowledge with these companies, so that a wave of change will not start a rollercoaster of people jumping from firm to firm, a risk many companies will predict to hit them.

Now it is time for some speculation. I have been thinking on how Sony was hit. I came up with a possible idea on New Year’s Eve. When I wrote this part: “In my view of Occam’s razor, the insider part is much more apt”, my mind started to wander on how it was done.

Speculation on the Sony Hack

The inside story is on the hack of Sony, yes, there was a hack at some point, but, in my view, that is not what actually happened. A destruction was started, but that is not what started it, that is how it all ended. When I did my CCNA (2011), I had the initial idea. You see, hacking is about data at rest, so what happens when the hack is done when data is in motion? That part is often not considered, because it is seemingly unmanageable, but is it? You see, when you buy the Cisco books on CCNA you get all the wisdom you need, Cisco is truly very thorough. It shows how packets are built, how frames are made and all in great detail. That wisdom can be bought with a mere $110 for two books. Now we get to the good stuff, how hard is it to reengineer the frames into packets and after that into the actual data? Nearly all details are in these CCNA books. Now, managing hardware is different, you need some decent skills, more than I have, but the foundation of what is needed is all in the Cisco IOS. The hack would need to achieve two things.

  1. The frame that is sent needs to be duplicated and ‘stored’.
  2. The ‘stored’ data needs to be transmitted without causing reason to look into spikes.

I think that ‘hackers’ have created a new level (as I mentioned before). I think that Cisco IOS was invisibly patched, so that every packet would be stored on the memory card in the router, in addition, the system would be set to move 2% during the day to an alternative location, at night, that percentage would be higher, like 3-5%. So overnight, most of the data would arrive at its secondary location. Normally CCNP technologists with years of experience will look into these matters, now look and investigate how many companies ACTUALLY employ CCNP or CCSI certified people. To do this, you would need one insider, someone in IT, one person to switch the compact flash card, stating 64Mb (if they still have any in existence) and put the sticker on a 512Gb Compact Flash card. Easy peasy! More important, who would ACTUALLY check the memory card for what was on it? The Cisco people will look at the startup file and only that one. The rest is easily hidden, over time the data is transferred, in the worst case, the culprit would only need to restart the routers and all activity would be completely hidden, until the coast is clear, afterwards the memory cards would be switched (if needed) and no trace of what happened would ever be there. What gave me the idea? Well I wondered about something similar, but most importantly, when I did my CCNA, the routers had 64Mb cards, I was amazed, because these suckers are no longer made, go to any shop and I would be surprised if you can even find any compact flash card smaller than 16Gb. Consider a place where Gb’s of data could be hidden under the eyes of everyone, especially as Cisco IOS has never been about file systems.

When the job was finished, the virus could be released damaging whatever they can, when cleanup starts, every aspect would be reset and wiped, whatever the culprit might have forgotten, the cleaning team might wipe.

So this is my speculation on how it was done, more importantly, it gives credibility to the claims that the hacks are still going on and the fact that no one has a clue how data was transferred, consider that this event was brokered over weeks, not in one instance, who else is getting their data syphoned? More importantly have these people involved in this next cyber wave considered this speculated path of transgression? If not, how safe would these systems end up being?

Let’s not forget that this was no easy feat. The system had to be re-programmed to some extent, no matter how enabling Cisco IOS is, this required top notch patches, which means that it required a CCSI or higher to get it done, more important would be the syphoning of the data in such a way that there would be no visible spike waking any eager beaver to prove themselves. That would require spiffy programming. Remember! This is all speculation; there is no evidence that this is what happened.
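The "no visible spike" condition in this speculation is something a defender can test for directly. The following is an added example, not part of the original post: it builds one week of constructed hourly counters for a device that only forwards traffic, applies the speculated copy-out (2% of the hour's traffic by day, with 4% assumed for the night), and compares a per-hour volume alert with a cumulative transmit-minus-receive check. The drop rate, the router-originated traffic and all thresholds are assumptions.

```python
"""Why a trickle hides from spike alerts but not from byte accounting.

All counters below are constructed sample data, not measurements.
"""
from statistics import median

HOURS_PER_DAY = 24
DAYS = 7
LOCAL_BYTES = 2e5    # assumed router-originated bytes per hour (SNMP, syslog, routing)
DROP_RATE = 0.001    # assumed share of received bytes that is dropped, not forwarded


def is_night(hour_of_day):
    return hour_of_day < 7 or hour_of_day >= 22


def make_counters(siphon, seed=1):
    """Return hourly (rx_bytes, tx_bytes) tuples for one week.

    siphon=True adds the speculated copy-out on top of normal forwarding:
    2% of the hour's received bytes by day, 4% by night.
    """
    state = seed
    counters = []
    for h in range(HOURS_PER_DAY * DAYS):
        hod = h % HOURS_PER_DAY
        state = (1103515245 * state + 12345) % 2**31   # small LCG: repeatable jitter
        jitter = (state / 2**31 - 0.5) * 0.30           # stays within +/-15%
        base = 2e9 if is_night(hod) else 8e9
        rx = base * (1 + jitter)
        tx = rx * (1 - DROP_RATE) + LOCAL_BYTES
        if siphon:
            tx += rx * (0.04 if is_night(hod) else 0.02)
        counters.append((rx, tx))
    return counters


def spike_alerts(baseline, observed, factor=1.5):
    """Volume alert: hours whose tx exceeds factor x the baseline median
    for the same hour of day."""
    typical = {
        hod: median(tx for i, (_, tx) in enumerate(baseline)
                    if i % HOURS_PER_DAY == hod)
        for hod in range(HOURS_PER_DAY)
    }
    return [h for h, (_, tx) in enumerate(observed)
            if tx > factor * typical[h % HOURS_PER_DAY]]


def conservation_alert(observed, tolerance=0.005, budget=1e9):
    """CUSUM on tx - rx. A device that only forwards should not send more than
    it receives; return the first hour at which the unexplained surplus
    exceeds `budget` bytes, or None."""
    surplus = 0.0
    for h, (rx, tx) in enumerate(observed):
        surplus = max(0.0, surplus + (tx - rx) - tolerance * rx)
        if surplus > budget:
            return h
    return None


if __name__ == "__main__":
    baseline = make_counters(siphon=False, seed=1)
    leaky = make_counters(siphon=True, seed=2)
    print("spike alerts:", spike_alerts(baseline, leaky))
    print("surplus alert at hour:", conservation_alert(leaky))
```

The accounting check only holds for devices that do not replicate traffic themselves; multicast or broadcast replication needs its own allowance.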

Yes, it is speculation and it might not be true, but at least I am not pointing the finger at a military force that still does artillery calculations with an abacus (another assumption on my side).

There are a few issues that remain, I think upping corporate awareness of Common Cyber Sense makes all the sense in the world, I reckon that the entire Cyber Security event in London is essential and it is good to have it in the Commonwealth. This industry will be at the foundation of growth when the economy picks up, having the UK play a centre role is good strategy and if it does evolve in the strongest way, a global financial node with improved cyber protection will lead to more business and possibly even better business opportunities. This event also gives weight and view to my writing on January 29th and a few other occasions “As small innovators are given space to proceed and as larger players are denied blocking patents to force amalgamation of the true visionary into their moulding process that is the moment when economies will truly move forward. That is how you get forward momentum!“, this is something I have stated on several occasions and I truly believe that this will be the starting pulse to a stronger economy. It seems that the event creators Alex van Someren of Amadeus Capital Partners, Grace Cassy and Jonathan Luff of Epsilon Advisory Partners, and advisors Jon Bradford of startup accelerator TechStars and Eileen Burbridge of venture capital firm Passion Capital are on such a path. No matter how it is started, they are likely to get a first leg up as these startups will truly move forward. As the event stated: ‘No equity taken’, but it seems to me that on the receiving end of implementing working solutions, finder’s fees and linked contracts could be very very profitable and let’s face it, any surfer will tell you that being at the beginning of the wave gives you the best ride of all.

Let’s see what 2015 brings us, startups tend to be not too boring. Not unlike startups, there will be more waves of speculation on how Sony was hacked, and the US government will likely continue on how North Korea was involved and at the centre of it all.

 


Slander versus Speculation

There is a lot wrong in this world, we cannot disagree with that. Soon we might see rental prices go down in London, because of Superman (the New Ecstasy), yay to those needing an apartment, being free of drugs was never so nicely rewarded! So is this speculation, or slander?

We could debate my sense of taste (many have for decades), yet on firm juridical ground, when can speculation be regarded as slander?

That part is more and more a question when we consider the US sanctions against North Korea. Oh, and perhaps we forgot to mention that Sony is a Japanese firm (even though the crime was on US soil), giving additional spotlights to the reasoning of certain actions. Consider the following sources. First let’s take the BBC (at http://www.bbc.com/news/world-us-canada-30661973). Here we see sanctions against organisations and individuals. First there is “Jang Song Chol: Named by the US Treasury as a Komid representative in Russia and a government official“, then there is “Kim Yong Chol: An official of the North Korean government, according to the US, and a Komid representative in Iran” and last there is “Ryu Jin and Kang Ryong: Komid officials and members of the North Korean government who are operating in Syria, according to the US“. Now the article ends with the most hilarious of all quotes “White House officials told reporters the move was in response to the Sony hack, but the targets of the sanctions were not directly involved“.

So the White House is within this part confessing to the breach where they are targeting innocent civilians (of that crime at least)? Can anyone explain to me how this is anything less than legalised slander? Consider that if (not when, but if) they ever figure out who exactly was responsible for the Sony hack (the actual individuals involved), how the US government could be held responsible in any court of law for this. Consider this part (source was the APA of all places, at http://www.apa.org/about/gr/issues/violence/hate-crimes-faq.pdf). “Current federal law defines hate crimes as any felony or crime of violence that manifests prejudice based on “race, colour, religion, or national origin” (18 U.S.C. §245). Hate crimes can be understood as criminal conduct motivated in whole or in part by a negative opinion or attitude toward a group of persons. Hate crimes involve a specific aspect of the victim’s identity (e.g., race)“. If we clinically look at the facts, then these acts are a hate crime against North Korea.

Now, let’s be fair as well. Most will not care, I reckon that the North Koreans might not even care, but this act does remain a legal transgression!

Let me show you why (because without reason, there is nothing), part one is found in yesterday’s news in the Guardian (at http://www.theguardian.com/technology/2015/jan/02/sony-hackers-may-still-access-computer-systems-the-interview).

Here we see the following parts:

  1. Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says

So not only has the hack occurred, it is very possible that the transgression and the damage is currently still ongoing, in addition, one of the most watched and scrutinised nations is still accessing Sony? Not one press agency is asking the questions that matter. For example, there was some visible Press Tour into North Korea (must have been around when Kim Jong-Un was elected big boss in 2011), when we saw some of the filmed events there, we saw North Korean officials in total disbelief that a smartphone could take photographs and these people walked over Sony’s cyber security?

Now we get to the Chief Executive of Sony himself, his quote gets us the following:

  1. “It took me 24 or 36 hours to fully understand that this was not something we were going to be able to recover from in the next week or two,” Lynton told the Wall Street Journal

So this was not a mere grab for data, this is a system paralysis of sizeable renown, the hack was so complete, high paid executives could not get their minds around the events. So, are we still looking at North Korea? Basically this requires an evolved form of ‘stuxnet’, the hack was seemingly more complete than the stuxnet virus could achieve. We now have only three players left. Russia, China and whatever hacking organisation walks around within the US and its allied nations. How is North Korea anything else but a mere puppet for slander? Whilst some people are possibly hiding their lack of skills, and likely other people linked to all this are trying to cover up issues that have been ignored ever since the first hack of 2011 (the Sony PSN hack). By the way, I am using stuxnet as a comparison, I have zero knowledge how the transgression was done, but we can all agree it was way beyond a normal level of sophistication.

Yes there is another scenario and I will get to that soon, North Korea is not off the hook yet!

You see we have been looking at the event, but not at the capital involvement that is two tiered at present.

  1. “Sony’s network is expected to be fully operational within the next two months but hackers have so far released only a tiny fraction of the 100 terabytes of data they claim to have stolen“, so not only will it take months to repair security measures, the fact that the new fences are there is still no guarantee that the data remains safe.

Which gets us to the first tier. Data! Someone streamed 100 Tb, which is more than just a number; it would require every PlayStation 3 on the planet to download up to 2Mb. The fact that this is not monitored, or that it got through to this extent, is a first view that this was no mere trifle event. And even though 100,000 Gigabytes seems small when compared to the PSN issues, it becomes interesting when we consider that the PSN had been hit more than once, but as those members did not all download, where did all this data get syphoned to?

Now we get to the one part that might be regarded as tier two. You see, it is not just the amount taken, which takes a good server park to store, it goes back to issues I discussed in regards to piracy and the parts I mentioned in my blog ‘For our spies only!‘ on September 26th 2014. There I stated “in the end this is NOT about copyright, this is about bandwidth“, the big players all knew it and they were all very concerned if such events would start to get measured and logged. Now someone casually walked away with 100,000 gigabytes of data?

Before I restate, it was not North Korea, let us take a look at another article by the Guardian in that regard. The title is ‘North Korea may have hired outside hackers for Sony attack, says US‘ (at http://www.theguardian.com/world/2014/dec/30/north-korea-hackers-sony-pictures-cyber-attack) and it was written on December 30th. Now we must consider the following: “US investigators believe that North Korea most likely hired hackers from outside the country to help with last month’s cyber-attack against Sony Pictures, an official close to the investigation has said“. The operative word is ‘believe‘, they just do not know. As a speculation that would be my guess as North Korea does not have the skill needed for this, not even close. By the way, those hackers might want to get paid, how will North Korea do that, or perhaps that is beyond US oversight too, because it would be a sizeable amount for something this complete.

The next part is the part that opens the discussion ““The FBI has concluded the government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment,” it said in a statement“. The first question: What evidence?  As stated before, North Korea is lacking in many ways, the fact that they hacked past Sony to this extent, whilst at present no guarantee can be given that the systems are secure at all, whilst North Korea has been watched 24:7 for a long time now gives rise to the demand of evidence showing the guilt of North Korea. So, they are seemingly better than the cyber divisions of both Russia and China? I am not buying it, in addition, the fact that the article implies that outside help was engaged for a hack this thorough leaves us with two thoughts.

  1. If true, where is the real balance of power in cyberspace, because this now implies that North Korea is a real player, even though no one (including people a lot more intelligent than me) have concurred that North Korea does not count when it comes to the internet and cyberspace.
  2. If false, what incompetence is the US hiding from us all and is that not the true crime?

Consider this quote (from the Guardian article too): “Some private security experts have begun to question whether Pyongyang was behind the Sony cyber-attack at all. The consulting firm Taia Global said the results of a linguistic analysis of communications from the suspected hackers suggested they were more likely to come from Russia than North Korea. The cyber security firm Norse said it suspected a Sony insider might have helped launch the attack“

I cannot disagree with Taia Global, as this could be Russia hitting back at US sanctions, but that would be speculation on my side, I also very much agree with Norse. Consider that if someone walks into a bank vault and it is empty. There was no sign of break in, the doors were not forced. At this point the police and the FBI will initially look at ‘the insider’ plot. It makes perfect sense. To get past the Sony server parks to this degree someone was giving aid in some way. Initial passwords, the network structure, because if that was not the case there would be a lot more logging evidence to give a clear view whether North Korea was guilty (or not involved).

Mark Rasch hits the nail on the head with this quote ““I think the government acted prematurely in announcing unequivocally that it was North Korea before the investigation was complete,” said Mark Rasch, a former federal cybercrime prosecutor. “There are many theories about who did it and how they did it. The government has to be pursuing all of them.”” there is the crux, the mention of theories on who did it. Even if it is outside help, Russia would still make more sense, the Russian Mafia could be the front for cashing in on selling the data, they pay commission to the people ‘hurt’ through US sanctions, they are looking at the least likely suspect because of a comedy, one that I (and many others) had not even heard of before these events.

It is the last quote that is food for thought from Kevin Mandia of Mandiant “Mandia, who has supervised investigations into some of the world’s biggest cyber-attacks, said the Sony case was unprecedented. “Nobody expected when somebody breaks in to absolutely destroy all your data, or try to anyway, and that’s just something that no one else has seen,” he said“

That part is not entirely true, I remember the DBase virus of 1988, I remember some people who had fallen victim to them, a garble parser that does not show until the virus is removed, it leaves your data garbled from that point forward. There was also a data virus in the 80’s. I forgot the specifics, but whilst most viruses would attack ‘.com’ and ‘.exe’ files, this one would attack data files, until that day a truly scary moment. So, it is not entirely unprecedented. Consider, if you copy someone’s data, the best sale is to sell it to the competitors, yet, what happens if the owner no longer has that data, does that not drive up the price? Yet, it is bad tactics, to copy in secret and resell it all makes perfect sense, the fact that these events happened, whilst Sony IT, the Cyber divisions of the FBI and others are not able to track the events is something very novel. It is a first to this degree, do you now understand why it makes no sense to accuse the one nation where we see this as their highlight: “Aug 6, 2013 – North Koreans hungry for tech skills are buying up used desktops on the black market, these desktops smuggled in from China have become a much sought-after item in North Korea“, this is the nation that thwarted one of the biggest cyber power players?

People please wake up. The question becomes what was real? I call my version insightful speculation. I have been involved in IT since the 80’s, this level of hacking requires serious system skills with in-depth knowledge of all layer one components (hardware layer), if we ignore the inside job part, this takes North Korea out of the loop, it also removes a massive amount of hackers off the table too. It requires the skills we would require to see from people at the NSA and other high tiered cyber firms. From these facts I come to three options:

  1. The hackers are a new level of hacker with the ability to get past the security of nearly any large firm and government data system.
  2. Sony has been criminally negligent and the US is willing to ‘aid’ this Japanese firm for a price.
  3. A simple inside job (possibly even a disgruntled employee) with links to organised crime.

Please feel free to give me a valid fourth alternative.

 


Last Clooney of the year

My idea of stopping my writing until the new year has truly been bombarded into a sense of that what is not meant to be, so back to the keyboard I go. One reason is the article ‘‘Nobody stood up’: George Clooney attacks media and Hollywood over Sony hack fallout’ (at http://www.theguardian.com/film/2014/dec/19/george-clooney-sony-pictures-hack-the-interview), which I missed until this morning. So has the actor from ER become this outspoken because of his marriage to Human rights lawyer Amal Alamuddin? Nah! That would be incorrect, he has been the champion of major causes for a long time, outspoken, thinking through and definitely a clever cookie with a passion for Nespresso!

The article kicks off with a massive strike towards the goal of any opponent “George Clooney has spoken of his frustrations with the press and his Hollywood peers at failing to contain the scandal around The Interview, which Sony has pulled from cinema release as well as home-video formats“. It goes a lot deeper than he said it does, perhaps he fathomed the same issues I have had for some time now, some mentioned in my previous blog ‘When movies fall short‘ (at https://lawlordtobe.com/2014/12/15/when-movies-fall-short/), two weeks ago.

I will take it one step further, several players (not just Sony) have been skating at the edge of competence for some time now, as I see it, they preferred contribution (revenue minus costs) regarding issues of security. It remains debatable whether this was intentional or just plain short-sightedness, that call requires levels of evidence I have no access to.

By the way, Mr. Clooney, you do realise that this topic has the making of an excellent movie, not unlike the largely unnoticed gem ‘Margin Call‘ with Kevin Spacey, Paul Bettany and Zachary Quinto.

The one quote I object to (to some extent) is “With just a little bit of work, you could have found out that it wasn’t just probably North Korea; it was North Korea … It’s a serious moment in time that needs to be addressed seriously, as opposed to frivolously”. You see, the inside job is a much more likely part. Yes, perhaps it was North Korea (requiring evidence), yet this would still not be the success they proclaim it to be without the inside information from disgruntled (or greedy) employees. In addition to the faltering security Sony has needed to ‘apologise’ for twice now (the Sony PSN hack of 2011), none of which was correctly covered by the press regarding this instance either. There was the press gap of November 2013, so we have at least two events where the press catered with silence, but at the price (read: reward) of….?

Yet the part: “He joins others who voiced their dismay at Sony’s decision, including Stephen King, Judd Apatow and Aaron Sorkin. Rob Lowe, who has a small role in The Interview, compared Sony to British prime minister Neville Chamberlain and his capitulation to Nazi Germany before the second world war“, is more than just a simple truth, it shows a fear of venue, cater to the profit. Chamberlain was from the old era and he failed to perceive the evil that Adolf Hitler always was. That view was partially shown by Maggie Smith in ‘Tea with Mussolini‘ too, yet the opposite was strongly shown in Remains of the Day, when Christopher Reeve as Jack Lewis states: “You are, all of you, amateurs. And international affairs should never be run by gentlemen amateurs. Do you have any idea of what sort of place the world is becoming all around you? The days when you could just act out of your noble instincts, are over. Europe has become the arena of realpolitik, the politics of reality. If you like: real politics. What you need is not gentlemen politicians, but real ones. You need professionals to run your affairs, or you’re headed for disaster!“

This hits the Sony issue straight on the head. Not that the Gigabytes of data are gone, but that they got access to this data at all. IT requires a new level of professionals and innovators, a lesson that is yet to be learned by those having collected exabytes of data. It is a currency that is up for the taking with the current wave of executives that seem to lack comprehension of this currency. Almost like the 75-year-old banker who is introduced to a bitcoin, wondering where the gold equivalent is kept. The new order will be about IP, Data and keeping both safe. So, it is very much like the old Chamberlain and Hitler equation, we can see Chamberlain, but we cannot identify the new Hitler because he/she is a virtual presentation of an identity somewhere else. Likely, a person in multiple locations, a new concept not yet defined in Criminal Law either, so these people will get away with it for some time to come.

Yet the final part also has bearing “Clooney was one of the Hollywood stars embarrassed by emails being leaked as part of the hack. Conversations between him and Sony executives showed his anxiety over the middling reception for his film The Monuments Men, with Clooney writing: “I fear I’ve let you all down. Not my intention. I apologize. I’ve just lost touch … Who knew? Sorry. I won’t do it again.”“, personally he had no reason to be embarrassed, when your boss spills the beans (unable to prevent security), do you blame the man or the system that is this flawed?

Why has it bearing? Simple, he shows to be a man who fights and sometimes fails. He states to do better, just as any real sincere person would be, a real man! By the way, since 2011 Sony still has to show such levels of improvement. A lacking view from the people George Clooney served in a project, so we should not ignore the need to look at those behind the screens and the press should take a real hard look at what they report and on where their sources are, that same press that has not scrutinised its sources for some time. When was the last time we asked the press to vouch for ‘sources told us‘?

Consider the quote “We cannot be told we can’t see something by Kim Jong-un, of all fucking people … we have allowed North Korea to dictate content, and that is just insane“. As I mentioned in the previous blog, with the bulk of the intelligence community keeping their eyes on North Korea, why is there no clear evidence that North Korea did this? Not just the US; both the United Kingdom and France have access to an impressive digital arsenal, none have revealed any evidence. Consider that the École polytechnique under supervision of French defence is rumoured to be as savvy as GCHQ, can anyone explain how those three cannot see clearly how North Korea did this? So, either, North Korea is innocent and just surfing the waves of visibility, or the quote by George Clooney in the Guardian “the world just changed on your watch, and you weren’t even paying attention” would be incorrect. The quote would be “the world just changed on your watch, and those in charge do not comprehend the change“. In my view of Occam’s razor, the insider part is much more apt, the other option is just way too scary, especially as the IT field is one field where North Korea should be lacking on several fronts.

I will let you decide, have a wonderful New Year’s eve!


When movies fall short

There is nothing as intensely satisfying as when we are confronted with a reality that is a lot more entertaining than a movie would be. Those are moments you live for, that is unless you are a part of Sony and it is your system getting hacked. Life tends to suck just a little at that point.

This is not the latest story to look at, but in light of the elements that have been visibly resolved, it is the best one around. Some will state that the Hostage story in Martin’s Place, Sydney is the big issue, but that is an event that is getting milked for every second possible by the media, I checked! The price of chocolate remains unaffected, so let’s move on to Sony!

The first part is seen in the article ‘Sony hack would have challenged government defences – FBI’ (at http://www.theguardian.com/technology/2014/dec/12/sony-hack-government-defences-fbi), those who think it is new news seem to have forgotten the issues people had in May 2011 (at http://uk.playstation.com/psn/news/articles/detail/item369506/PSN-Qriocity-Service-Update/). “As the result of a criminal cyber-attack on the company’s data centre located in San Diego, California, USA, SNEI shut down the PlayStation Network and Qriocity services on 20 April 2011, in order for the company to undergo an investigation and make enhancements to the overall security of the network infrastructure” 77 million accounts were compromised and the perpetrators got away with a truckload of data.

So when we see the quote “The cyber-attack that crippled Sony Pictures, led to theft of confidential data and leak of movies on the internet would have challenged almost any cyber security measures, the US Federal Bureau of Investigation (FBI) has said“, we should consider the expression once bitten twice shy and not, when bitten use antiseptic, go into denial and let it be done to your network again.

The fact that this revolves around another branch of Sony is just ludicrous, it’s like listening to a prostitute stating that the sick man used the other entrance this time, so we need not worry! If you think that this is an over the top graphical expression, consider that twice in a row that the personal details of millions in the form of data ‘leaked’ to somewhere.

The second quote will not make you feel any safer ““In speaking with Sony and separately, the Mandiant security provider, the malware that was used would have slipped or probably got past 90% of internet defences that are out there today in private industry and [would have] challenged even state government,” Joseph Demarest, assistant director of the FBI’s cyber division told a US Senate hearing“, as we know that governments tend to be sloppy with their technology as they do not have the budgets the bulk of commercial enterprises get, we can look at the quote and regard the statement to be a less serious expression of ‘do we care’, which is nothing compared to the ignored need to keep personal data safe.

You see, commercial enterprises have gotten sloppy, getting new graduates to look into a system where you need seasoned veterans and you need a knowledge base and a good setup, all factors that seem to be in ‘denial’ with a truckload of companies the size of Sony, as they are all cutting corners so that they can project revenue and contributions in line with the ‘market expectations’.

The quote that becomes interesting is “A link between Gop and North Korea has been muted over Pyongyang’s reaction to the Sony Pictures film The Interview, which depicts an assassination attempt on Kim Jong-un“, so is this group calling itself Guardians of Peace (Gop), the ‘simpleton’ group they are trivialised to be, or is there more. You see, we see a growing abundance of data collections that seem to go nowhere, but is this truly the case? You see, data is money, it is a currency that can be re-used several times, the question becomes, finding someone willing to buy it. If we regard the 2 billion Microsoft paid for Minecraft to be more than just the IP of the sandbox game, then what is it? Which part of that 2 billion is seen as value for the 120 million registered users on PC? Do you now see the currency we are confronted with?

In my book the Sony exercise is a display of the expression ‘a fool and his money are soon parted‘. In light of the 2011 issue, the fact that security was increased to the extent that it could be done again makes for entertainment on a new level, in addition, like a bad infomercial it does not stop here, no! For $9.95 you get so much more than you see now. That we see in the article that was published two days before that (at http://www.theguardian.com/technology/2014/dec/10/fbi-doubts-north-korea-link-sony-pictures-hack). The part that should make you howl like a hyena is seen here “The security firm hired by Sony to investigate the attack, FireEye, described the attack as an “unparalleled and well-planned crime, carried out by an organised group, for which neither SPE nor other companies could have been fully prepared” in a leaked report“, So did you notice ‘unparalleled and well-planned crime‘ and ‘leaked report‘, oh sarcasm, thy name be Miss Snigger Cackle!

The leaked report, which was from the 7th of December (at http://recode.net/2014/12/07/sony-describes-hack-attack-as-unprecedented/) gives us “demanding that organizations which have obtained the leaked information avoid publishing any more material from the hackers, and destroy existing copies. Boies called it “stolen information.”“, you see, the issue here is that if we consider the quote “This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat“, so even after the malware, info was still going past the firewall, or was this just ‘leaked’ by an internal source? It takes a little twist when we look at the quote in the December 10th article “The malware had been signed and authorised by Sony Pictures, allowing it to bypass certain security checks“, in my mind this reads as follows: ‘Some idiot gave a pass to malware to roam free on the system‘, so is it that, or was this an internal operation all along? If the second part is true, then who was the beneficiary of all that private data? Who is it meant for? You see, many forget that our information is not always for stealing from our credit cards, sometimes it is used to profile us, as a customer, as marketing or as leverage. Why the word leverage? Consider healthcare, consider usage, what happens when an insurance company gets to profile 20 million couch potatoes, what if your healthcare premium suddenly goes up by 15%, do you have any idea how much money that is? So as insurance companies keep the leveraged margins of charge, whilst overcharging risks in addition, we see a growing margin of profit for these insurance companies, whilst getting them to pay for what you are insured for has not gotten any easier has it?

So is this simply a cinematography from Sony Pictures film, called The Interview, which depicts an assassination attempt on Kim Jong-un, or was that the smoke screen? The FBI seems to have ruled out North Korea, as far as I have been able to tell, the only fans of North Korea are the North Koreans and Dennis Rodman (who has no fame in any IT endeavour), so is there enough doubt regarding the reality of what happened and why it happened? Yes, as I see it there is, the question becomes, when there is this much smoke, where are we not looking? That part is to some extent seen in another Guardian Article (at http://www.theguardian.com/film/2014/dec/12/hackers-attack-film-studios-sony-pictures-leak-cybersecurity-warning). We see this quote “Sean Sullivan, senior adviser and researcher at the security company F-Secure, said that he believes the purpose of the Sony hack was extortion. “If it was just hacktivists, they’d have released everything all at once,” he said. “But these releases, it’s like they’re shooting hostages. One thing one day, another the next. This is a really different tactic from what we usually see.”“, this is certainly plausible, but is that it? Why ransom of data and sell it back with the FBI and others on your tail, when you can sell it in Hong Kong, Bangkok, Riyadh and a host of other locations. A simple transaction for an external encrypted drive, a deal you can offer to ALL parties for amount X, the more you offer, the higher X is.

Whilst our data is sold on and on, we run additional risks of getting invoiced for our life choices and extorted by other financial firms because our privacy is no longer a given in the age of data and it is directly linked to corporations that cannot clean up their act. In the mean time we see a leaked report on impossible hack successes, whilst it took only one executive to ‘accidentally’ sign and authorise a mere trinket of malware.

So yes, the movies are falling short; reality can be scary and entertaining all at the same time. The question becomes, will there be a change to our invoice of life because of corporate considerations, or lack thereof?

 


Israel stands alone

I wish I had better news, but the situation as it deteriorates in the Middle East, might in the next immediate period give more pressure and dangers to the state of Israel than anyone realises. Is it more than Israel thinks it is? That is a little harder to see, but I feel certain that their bad case scenario had included options even worse than I would be able to foresee.

This is not just on the issues raised by the USA, or EU as published (at http://news.sky.com/story/1217922/us-and-eu-urged-to-halt-weapon-sales-to-israel), it is also the issues which will hit Israel as we see a deteriorating war theatre in Syria. When we see “Amnesty International criticises what it calls Israel’s ‘callous disregard for human life’ in its handling of Palestinian protests against occupation“. Is that the actual truth? Over 4000 attacks from Palestine missiles and mortars in the last 5 years against Israeli civilian targets, making almost 70 attacks a month for 5 years, so basically a little over two attacks a day, every day for 5 years (even more in the 5 years before that). These were almost all fired at civilian targets, which makes the Amnesty International report a coloured one. I am not just writing this from the back of the room. I have been there, I have seen the consequences and people that I know of have been in direct danger because of the acts of Hamas, Hezbollah and the groups acting in the Sinai. So, this is not just a far away from my bed situation (Dutch expression). When even today in 2014 we see that the Palestinians are stating “The Palestinian Authority adamantly rejects Israel’s right to exist” on a daily basis, and that this is still shown and proven at every turn, is it a surprise that the tensions are not and will not be broken any day soon?

The second issue comes from State Secretary John Kerry, as mentioned by Sky News (at http://news.sky.com/story/1205342/israel-boycott-warning-dismissed-by-netanyahu), where we see the quote “US Secretary of State John Kerry had suggested that a failure of peace talks with the Palestinians would accelerate calls for a ‘de-legitimisation campaign’ against the Jewish state“

Is that so? The issue, as it has been known for decades is all about Israel’s right to exist. NOT ONE government has been able to swing this in favour of Israel EVER! So Mr Kerry, are you sure you want to be the one that is known as the person who acquired the label ‘the failed superpower USA‘ as we see not just the issues in Israel, but also the failings of campaigns involving Afghanistan, Syria and now the Ukraine? I am not stating that the last two should have been about military intervention, but diplomacy did not work. As the Syrian issues keep on escalating, the dangers that escalations move south of the Syrian border is not out of the question, when that happens the dangers for Israel will quickly increase. Even though many parties do not want the Syrian government to completely fall and left in the hands of several smaller extreme hands, the dangers, even if Syria moves on without President Assad will mean that pressures towards Lebanon will mean that the extremists now attacking Israel on a regular basis will end up with a lot more resources than they have at present. As we look at the mentioning of economic sanctions, the handling of it as we see in the newspapers about economic sanctions have for the most never ever worked.

Cuba is still there, even though it has been under massive economic pressure since 1962, the economic pressures against North Korea since 1950 also failed. They are still there; these two have nowhere near the resources of Russia, so how will the sanctions against Russia ever work? In addition, Russians are acquiring businesses all over Europe; the acquisition of Siebel in the Netherlands is one of the most visible ones lately. How will sanctions work in these cases?

This is all linked to Israel, let me get to that.

As we see the power of government (the US in particular) fall back because it has no power to stop businesses in many ways, we will see that governments are slowly losing power on a global scale (so not just the US). To some degree it will all be about the business and the local religion they depend upon, this evidence is seen as we watch where big business remains and how it can deliver its projected forecast. This has been fact since the early 90’s. Now, as Europe needs and desires to do business all over the Middle-East, they will unite their view according to the need of their business. This does not make Muslims or Christians anti-Semites, yet the acts of individuals have been, especially when lacking moral and cultural insight, anti-Semite in nature. As long as the business makes that they need to achieve, they can get away with most acts of pro-profits. This places Israel, with a unique national religion in a dangerous place. When we see the article at http://www.haaretz.com/jewish-world/jews-reluctantly-abandon-swedish-city-amid-growing-anti-semitism-1.301276, in addition the news at http://www.ynetnews.com/articles/0,7340,L-4456356,00.html shows another side of one of the most liberal nations in the world. This is not a statement against Sweden, but the fact that this level of hatred goes on, even today, in several nations gives rise to the acts of Israel. Until the ‘right to exist’ is met by all its neighbours, and the Middle-East at large, this will go on and on. If anyone wants to make a statement on how it was ‘theirs’ in the past, then remember that the tribes of Israel were not just in Israel, they held parts of Palestine as well as a sizeable chunk of Syria as well. As this place became ‘slave shopping central‘ for both the Egyptians and the Romans, that area went from all to naught within 5 generations. So what is a solution?
Well, as for the issues at hand, we could request two payments one from Egypt for 25 trillion and one from Italy for almost 50 trillion, not to mention the damage the Jewish population suffered from fanatical German acts. I am certain that Israel will make a deal to some extent. So if we go back long enough the issue could be settled, but the involved parties have nowhere near the funds to make restitution. In the end, is there a solution? It seems that there is, but not a peaceful one, not until the involved parties are willing to sit down and actually talk. In that regard, the US intervention has little or no power to hold any of it up. It is, especially at present, willing to sit at any table for economic reasons (not that this is a bad thing), but Israel knows that whatever deal will be gotten, it will not end good for Israel, the US knows this, it has always known this and at present, in their economic state of destitution they cannot afford to care about it. This is partially why the entire Iran situation will not be accepted by Israel, nor should it be by many nations. Be aware, I am not speaking out against Iran in this matter, but the issues as former president Ahmadinejad escalated them can easily happen again. Iran is the third largest nation in terms of oil reserves and this is why many parties are so adamant to make a deal with Iran (at http://www.reuters.com/article/2013/12/31/us-china-iran-zhenrong-idUSBRE9BU03020131231), as China is making new deals for oil, Iran will get an additional incentive of well over 80 billion, which the US is now missing out on. In an age of cash is king, the US is demoted from king to a mere tiny Earl and this is more than upsetting to these high and mighty US oil barons. Their business is wavering. So, as they will push for more and more business, the dangers Israel faces are also increasing. This is not about Hassan Rouhani, who so far is showing and proving to be an international diplomat. 
Israel fears what comes next in 2021. There is no indication that Hassan Rouhani is anything but a moderate, however the next one might not be like that and anyone who follows and is one step closer to a new Ahmadinejad will give the state of Israel a direct nuclear threat to deal with. They cannot allow for such a dangerous situation. It is all good and nice the things that John Kerry (as State Secretary) claims now, but when things go wrong, he will sit from a distance negotiating for talks whilst Tel Aviv partially glows in the dark. At that point those poor poor Iranians will be willing to talk (after the fact). When, at that point Israel stops existing, the Mediterranean is no longer a viable place and the fallout dangers to the eco systems of Greece, Italy and Spain will be regarded, by the US administration, as unfortunate. When a nation has no options, every step is one too many. Is my assumption a fair one? Consider the acts of former Iranian president Ahmadinejad; consider the acts of Hamas, Hezbollah as well as the Al-Qaeda groups currently in the Sinai. Mohamed Morsi was only just in office when Egypt’s Muslim Brotherhood started staging anti-Israel rallies in Cairo.

I feel certain that John Kerry has been aware of all these dangers, as have the members of the state departments all over the world. So, if any solution is ever to exist, then getting the ‘right to exist’ for Israel, will be a mandatory first step.

So when I stated that Israel stands alone, I was not kidding. Those who are eager to deal with the oil states will have to deal with many who are opposed to the existence of the State of Israel (avoiding stating the term anti-Semitism here). In this era of government bankruptcies, the Cash is King approach is painfully visible and there is no clear solution in sight any day soon.

 
