Tag Archives: NSA

The danger of Colbert and the Press

When we see an interview with General Michael Hayden and Stephen Colbert, it is hard to imagine, but it is actually Stephen Colbert who is endangering the lives of many. Did you realise that? First, the interview (at https://www.youtube.com/watch?v=buI8aO7nRDM) should be watched. It is a brilliant interview. Getting a former CIA and NSA director in view is always a little awesome and the man plays the audience brilliantly. Now, I say ‘play’ and I mean that in the best positive way. He is funny, direct and answers the questions clearly. It is Hayden that gets the applause and it was an applause that was well deserved. He debunks conspiracy theorists and cuckoo cases all over America. Then something happens, suddenly Colbert does something dangerous and stupid. At 4:55 he plays the game regarding Smart TV’s spying on you, he plays us all as he is linking this to the CIA. What happened was that on February 6th the FTC fined Vizio $2.2 million for collecting viewing histories without users’ consent (at https://www.ftc.gov/news-events/press-releases/2017/02/vizio-pay-22-million-ftc-state-new-jersey-settle-charges-it), pretty much the same thing that Microsoft seems to be doing to its Xbox population at present and uploading their data into the Azure cloud (without consent).

This might seem like a nuisance, but it is a lot more than that. Large corporations have run out of spreadable funds and like any other corporations, they now need to optimise. It is almost the same situation that SPSS was selling when it offered companies a product called AnswerTree (back in 1997). Marketing firms had to get a certain quota, let’s say 4%, now to get there you could either throw more money on it, and going from 2% to 4% did not just mean a little over 100% more to get the growth. No, with their product AnswerTree, you could make an inventory of who you mailed and who responded and started to prune the tree of those who responded a lot below quota, so basically, the mailings became more efficient, a more clever path to the people buying and it is all perfectly legal and acceptable. That is what is happening now in new ways and Vizio got caught because it happened in an automated way without any level of consent. So who did not get caught? Because I can tell you right now that the bulk of the people with a smart TV have not considered where this data is being logged.

Now, I am going to ask you a question: ‘If marketing is harassment, is the marketing contact that you purchase from still a harasser?’

If we have all the do not call registers, how long until these marketeers use other methods? Free games, free apps and free TV shows, all connected, you just have to agree to advertisements connected to them. It is a mere reward for exposure which is all perfectly valid. In all this the CIA was not a factor or a danger. It is the large corporations that are classifying you, more important, it is the links that they can resell that are a danger to your way of life, which is why at times smart TV’s are sold with 60% discount (speculation from my side).

In 2015 I would never have expected to be able to afford a 55 inch smart TV, it is huge (and I was happy with my 42 inch one) but it broke, I had a decent job, but the surprise that a brand new 100 Hz Sony 55 inch was priced down from $1900 to $800 (very lucky me), which was just ridiculous as the next TV (almost the same as my broken one) was a 40 inch at $699, which was perfectly decently priced for those days. Now, we can hang onto the idea that it was just a crazy sale, which does happen, but to flood the market with something almost twice the size, with much higher specifications at next to the same price as a small B-brand TV is too weird. It is almost like having a Canon 5D at the normal $2500 and offering next to it a Hasselblad X1D-50c at $3000, which would be awesome as these babies go for $13,000. It would be 20Mp versus 50Mp. As a photographer I can tell you that I would kill for a Hasselblad 50 Megapixel camera (and as I know the Evidence Act 1995, I might get away with it).

So, I hope you understand the weirdness of such good deals. And in all this, Sony has the ability to capture this data (I am not accusing them of doing this, I have no evidence of any kind that this is happening), but the threat to our privacy is real. Now you might not think that this is important. Yet consider that this data could be sold, how many hours are you not sporting, how many hours do you watch TV and what do you watch? How long until you suddenly get a 12% spike in health insurance? There is where the difference is! You see, these players are very very interested in that data, minimise their risk and charge extra to anyone that is a risk. In my case it does not matter, my smart TV is connected to my console and my Blu-ray player, so there is no ‘smart’ data to capture. What is important for these sales people that the 0.5% of the group that I represent is not the issue, their value is the 80%+ that does connect their TV for Netflix and other reasons, that is where their value is and it is potentially bringing in millions, so the 60% discount is a joke to them. That is the part Colbert smoothly walked over whilst he joked about the CIA and the press at large stayed away from that FTC ruling, so there is one of the dangers.

The other danger is organised crime. How long until people realise that being away from home means no TV? That means that the smart TV logs are not showing movement. How long until the criminals can connect smart TV usage and social media action into which house is empty? Oh and as you advertise on Facebook that you are in Cuba, how long until you realise that you gave away the info that your house is unprotected? More important the quote “Oversharing on social media could not only leave you open to burglary but it could also invalidate your home insurance policy” is not a joke, this quote was given 2 years ago. Justice Gibson of the District Court of New South Wales raised the issue as early as 2014, the courts are not ready for this and for the most, they are only dealing with the fallout that Contract Law is giving them, more precisely the contracts that Insurance agencies have been working on. With currently well over 80% of Australians on social media (which is actually low compared to Scandinavian nations), the consideration of implementing certain risks is an essential need for any insurance agent. Yet, at what point can usage of social media be seen as evidence towards negligence? Mobile phones tell us where we are, smartphones tell everyone what we do (through our usage), and Smart TV’s give us what we watch, our interests and our activities, or lack thereof. At what point is any of this evidence to act, to surcharge to act as a penalty or as an option to nullify the security of insurance?

That is the part not considered and it gets even worse!

This is seen in the news that is hitting us now through what is marketed as Vault 7. CNN Money (at http://money.cnn.com/2017/03/09/technology/cia-smart-tv-wikileaks-public-hacks/) gives us the news on how the CIA is spying, although they do also mention “security researchers say the methods imitate exploits that were discovered — and made public years ago“, so when I see “Samsung warned users about exactly this type of susceptibility in 2015. The company told CNNTech this week that it is ‘urgently looking into the matter.’“, my question becomes: ‘How much data did you collect?‘, so as the warning is 2 years old, apart from making batteries explode, did you do anything to stop this threat? And as we see Dan Tentler, CEO of the Phobos Group security firm state: ‘That appears to be the same exploit he witnessed in action onstage at a security conference in 2013, he said‘, can we give accusation that there is nothing innocent going on and the level of negligence shown in one article spanning 3 years of events, that is enough to warrant a much larger investigation into privacy invasion by large corporations?

 

It is not about just consent, they are mining our choices and leaving us with less. You might not consider this or comprehend this, but it is an optimised way of American business. I have to explain this.

I was confronted with a larger group of board members of a large firm. As an ‘upper’ grunt I had two distinct jobs. One, give the best service to my clients and protect them as much as possible from any negative event, which is what any good Technical consultant does. And I had to be faithful and supportive to my bosses, which is what a loyal employee does. Now consider the meeting where we get the premise: ‘What if you cannot service your client 100%, but only 80%, would that be acceptable?’

Now, the danger here is that my answer would be a solid ‘No!’ A danger from the corporation side when we consider the introduction of service level agreements, the introduction that the client was unwilling to pay for the service given. How do you take a stand (driven by wisdom) at that point?

This is where you the consumer are at, but it comes from another direction. Places like Samsung, Sony, Microsoft, HP, IBM and Apple are all in the optimisation phase, because the economy is still not great and most of us would only be able to afford one of these devices, perhaps a second one for Christmas if we are lucky. So as we can get 2 out of 5, how do corporations go about getting the largest share they can? Now we get to the AnswerTree part, you become smarter in how you get to your audience to choose you, not merely marketing but marketing to the most likely buying population. The question then becomes what options you have at your disposal. Do you sacrifice one device so you get an option to see 2 more options for alternative sale and get the contribution needed? The reason is that in this day and age, it is not about revenue, when you are a listed company, when you have stakeholders, it will be about contribution (revenue minus costs), if you fail that, no great bonus, no mistress, no fast car and in the end no job.

So here we see the rundown on how Stephen Colbert became a danger to you, he made it into a CIA joke, whilst the bitter and solemn truth is that the real danger is the invitation you readily give out to all manner of freebie givers, only to learn the hard way that they get back what they gave out in tenfold, just by collecting your inactions and sell it to whomever can transform that into personal profit. So whilst some people are falling asleep reading (at http://searchhealthit.techtarget.com/essentialguide/Providers-adjusting-to-greater-use-of-social-media-in-healthcare) how social media is interacting in health care, consider what an insurer would give to know that you visited a free clinic for the third time this quarter. It might not cost them anything, but it will set a flag to raise premiums the next year. Did you consider that? And as we shrug at seeing “Social media analysis done with natural language processing has given care facilities a more efficient way to get patient feedback“, many will ignore, just like the previous example on raising premiums. Even as you consider a visit for planned parenthood to be perfectly natural and normal (which it is), but when the insurer realises that you will be needing to visit an OBGYN in the near future, you better realise that you are lucky if your premium rises with only 5%. That is the way business is done and the initial ‘risk’ numbers to which you were held at premium are 10 years old and you fall in a much higher group. Only the super healthy teenager who does not get sick gets the low increase, that whilst he was actually a 0% risk. How fair is that and why is the media not all over that on a daily basis?

The CIA was never worthy to be mentioned in this regard, for 99% of the Americans they are nothing as these 99% of Americans were harmless so the CIA never cared to begin with and that is the group Colbert was aiming for which is odd in one way and on the other hand, we do get that he is a comedian who is trying to entertain 100% of his clients, those who tune in on his version of humour. He cannot be faulted for that, the press at large however can be faulted and they should but they stay away from it for other reasons. Mainly because they want a slice of the Samsung $700 million advertisement budget (that is for the USA alone), Microsoft and Sony are in similar predicaments, which is why certain events will not make the front cover any day soon. The reason of data collection being the most obvious one, but at times it can be trivialised as they are only gamers, or it is only a console and consent is overrated. I’ll let you be the judge of what matters and what not, just remember, when you are no longer within the 80% of the group they cater for and you already bought the device, where will your rights be, or your service provider? Perhaps you get the same answer Microsoft gave me: ‘we have no control over uploads, that is all with your internet provider!‘ Interesting how my consent was manoeuvred around in all of this.

 


What did I say?

Last night I got a news push from the Washington Post. It took me more than a second to let the news sink in. You see, I have been advocating Common Cyber Sense for a while and apart from the odd General being ignorant beyond belief, I expected for the most that certain players in the SIGINT game would have their ducks in a row. Yet, the opposite seems to be true when we see ‘NSA contractor charged with stealing top secret data‘ (at https://www.washingtonpost.com/world/national-security/government-contractor-arrested-for-stealing-top-secret-data/2016/10/05/99eeb62a-8b19-11e6-875e-2c1bfe943b66_story.html), the evidence becomes blatantly obvious that matters in the SIGINT industry are nowhere near as acceptable as we think they are. The quote “Harold Thomas Martin III, 51, who did technology work for Booz Allen Hamilton, was charged with theft of government property and unauthorized removal and retention of classified materials, authorities said. According to two U.S. officials familiar with the case, he is suspected of “hoarding” classified materials going back as far as a decade in his house and car, and the recent leak of the hacking tools tipped investigators to what he was doing“, so between the lines we read that it took a mistake after a decade for the investigators to find out? No wonder the NSA is now afraid of the PLA Cyber Division!

In this light, not only do I get to tell you ‘I told you so‘, I need to show you a quote from July 1st 2013, where I wrote “So if we consider the digital version, and consider that most intelligence organisations use Security Enhanced Unix servers, then just accessing these documents without others knowing this is pretty much a ‘no no’. EVEN if he had access, there would be a log, and as such there is also a mention if that document was copied in any way. It is not impossible to get a hold of this, but with each document, his chance of getting caught grows quicker and quicker“, so I questioned elements of the Edward Snowden case, because of my knowledge of Security Enhanced Unix servers, which is actually an NSA ‘invention’, now it seems to become more and more obvious that the NSA has no flipping clue what is going on on their servers. They seem to be unaware of what gets moved and more important, if the NSA has any cloud coverage, there is with this new case enough doubt to voice the concern that the NSA has no quality control on its systems or who gets to see data, and with the involvement of a second Booz Allen Hamilton employee, the issue becomes, have they opened up the NSA systems for their opponents (the PLA Cyber division being the most likely candidate) to currently be in possession of a copy of all their data?

If you think I am exaggerating, then realise that two people syphoned off terabytes of data for the term of a decade, and even after Snowden became visible, Harold Thomas Martin III was able to continue this for an additional 3 years, giving ample worry that the NSA needs to be thoroughly sanitised. More important, the unique position the NSA had should now be considered a clear and present danger to the security of the United States. I think it is sad and not irony that the NSA became its own worst enemy.

This is seen not in just the fact that Harold Thomas Martin III moved top secret data home, whilst he was at work a mere FSB or PLA intern could just jimmy the front door and copy all the USB devices. So basically he was potentially giving away data on Extremely Low Frequency (ELF) systems, which would be nice for the PLA Cyber Unit(s), as they did not have the capacity to create this themselves. So whilst they were accused for allegedly trying to get a hold of data on the laptop of Commerce Secretary Carlos Gutierrez (2008), they possibly laughed as they were just climbing into a window and taking all day to copy all the sweet classified data in the land (presumption, not a given fact). So he in equal measure pissed off the US, India and Russia. What a lovely day that must have been. In that regard, the Affidavit of Special Agent Jeremy Bucalo almost reads like a ‘love story’. With statements like “knowingly converted to his own use, or the use of another, property of the United States valued in excess of $1,000“. Can we all agree that although essential and correct, the affidavit reads like a joke? I mean that with no disrespect to the FBI, or the Special agent. I meant that in regard to the required personal viewed text: “Harold Thomas Martin III, has knowingly and intentionally endangered the safety and security of the United States, by placing top secret information and its multi-billion dollar value in unmonitored locations“, I do feel that there is a truth in the quote “The FBI’s Behavioural Analysis Unit is working on a psychological assessment, officials said. “This definitely is different” from other leak cases, one U.S. official said. “That’s why it’s taking us awhile to figure it out.”“. It is my personal view that I agree with this, I agree because I think I speculatively figured out the puzzle. He was a reservist, Reserve Navy and a Lieutenant at 51. 
So the Navy might not see him as ‘full’ or ‘equal’, this might have been his way, to read these documents at night, knowing that they will never have this level of clearance for such an amount of Top Secret information. With every additional document he would feel more on par with Naval Captains and Admirals, he would feel above all the others and if there was ever a conversation with people who did know, he had the option to leave the slightest hint that he was on that level, perhaps stating that he was also an NSA contractor. His star would suddenly be high with Commanders and higher. It is a personal speculation into the mind of Harold Thomas Martin III.

When we look at 18 U.S. Code Chapter 115 – TREASON, SEDITION, AND SUBVERSIVE ACTIVITIES, we see at paragraph 2381 “Whoever, owing allegiance to the United States, levies war against them or adheres to their enemies, giving them aid and comfort within the United States or elsewhere, is guilty of treason and shall suffer death, or shall be imprisoned not less than five years and fined under this title but not less than $10,000; and shall be incapable of holding any office under the United States“, now if we see the following elements ‘giving them aid and comfort within the United States‘ and the other elements are clearly stated as ‘or’ a case of treason could be made. In my view a person like that was guilty of treason the moment Top Secret materials were removed or copied from their assigned location and without proper clearance moved to an unsecure location. As an IT person Harold Thomas Martin III should have known better, there is no case of presumption of innocence. The fact that I made a case that he might have mental issues does not mitigate it in any way, to do this in excess of a decade and even more insidious to do this for years after Edward Snowden got found out is also a matter of concern.

The NSA has a sizeable problem, not just because of these two individuals, but because their servers should have had a massive upgrade years ago, in addition, the fact that contractors got away with all this is in equal measure even more insulting to a failing NSA. I can only hope that GCHQ has its ducks properly in a row, because they have had 3 years to overhaul their system (so tempted to put an exclamation mark here). You see, we have all known that for pretty much all of us, our value is now data. No longer people, or technologies, but data and to see 2 cases at the NSA, what was once so secret that even the KGB remained clueless is now, what we should regard as a debatable place. This should really hurt in the hearts of those who have faithfully served its corridors in the past and even today. In addition, the issues raised around 2005 by the CIA and other agencies regarding the reliability of contractors is now a wide open field, because those opposing it and those blocking data integration are proven correct.

This now gets us to a linked matter. You see, it is not just the fact that the government is trailing in this field, because that has been an eternal issue. The issue is that these systems, due to the likes of Harold Thomas Martin III and Edward Snowden could be in danger of intrusions by organised crime.

For those thinking that I am nuts (on the road to becoming a Mars bar), to them I need to raise the issue of USB security, an issue raised by Wired Magazine in 2014. The fact that the USB is not just used to get data out, if malware was added to the stick, if it was custom enough, many malware systems might not pick up on it and that means that whomever got into the house, they could have added software, so that on the next run to copy a project, the system might have been opened up to other events. There is no way to prove that this happened, yet the fact remains that this is possible and the additional fact that this was happening for over 10 years is equally disturbing, because it means that the NSA monitoring systems are inadequate to spot unauthorised activities. These elements have at present all been proven, so there.

I think it is time for TRUSIX to convene again and consider another path, a path where USB sticks get a very different formatting and that its embedded encryption require the user, the location and the hardware id to be encrypted within the stick, in addition the sticks need to work with a native encryption mode that does not allow off site usage. Perhaps this is already happening, yet it was possible for Judas tainted Highwayman Harold to walk away with the goods, so something is not working at present. I am amazed that a system like that was not in place for the longest of times. I certainly hope that Director Robert Hannigan at GCHQ has been convening with his technology directors. In addition that there are some from Oxford and some from Cambridge, so that their natural aversion to the other, will bring a more competitive product with higher quality, which would serve all of GCHQ. #JustSaying
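A sketch of the binding idea in the paragraph above, added here as an illustration and not taken from any agency's or vendor's design. It assumes a hypothetical `site_secret` that never leaves the secure facility, because user name, location and hardware id are identifiers rather than secrets; all function names and sample values are constructed, and the XOR wrap stands in for a vetted key-wrap primitive.

```python
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def binding_context(user: str, site: str, hardware_id: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide."""
    out = b"usb-binding-v1"  # hypothetical label for this scheme
    for field in (user, site, hardware_id):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def _wrap_keys(site_secret, salt, user, site, hardware_id):
    """Derive a one-time pad and a MAC key from the secret and the context."""
    okm = hkdf_sha256(site_secret, salt,
                      binding_context(user, site, hardware_id), 64)
    return okm[:32], okm[32:]


def provision_stick(site_secret, user, site, hardware_id):
    """Create the header stored on the stick and the data key it protects.

    The data key would encrypt the stick's contents (not shown here). Only
    the header is written to the stick; the data key is never stored in clear.
    """
    salt = os.urandom(16)        # fresh per stick, so the pad is used once
    data_key = os.urandom(32)
    pad, mac_key = _wrap_keys(site_secret, salt, user, site, hardware_id)
    wrapped = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}, data_key


def unlock_stick(header, site_secret, user, site, hardware_id):
    """Return the data key, or None when any bound element does not match."""
    pad, mac_key = _wrap_keys(site_secret, header["salt"],
                              user, site, hardware_id)
    expected = hmac.new(mac_key, header["salt"] + header["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None              # wrong user, wrong host, or off site
    return bytes(a ^ b for a, b in zip(header["wrapped"], pad))


if __name__ == "__main__":
    # Constructed sample values; the site secret would live in an HSM or TPM.
    secret = os.urandom(32)
    header, key = provision_stick(secret, "analyst01", "site-A", "HW-0001")
    on_site = unlock_stick(header, secret, "analyst01", "site-A", "HW-0001")
    at_home = unlock_stick(header, os.urandom(32),
                           "analyst01", "site-A", "HW-0001")
    print("on site, enrolled host:", on_site == key)
    print("off site, no site secret:", at_home)
```

Knowing the user, site and hardware id is not enough to unlock the stick: without the site-held secret the header check fails, which is the property that stops off-site use.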

The one part where this will have an impact is the election, because this has been happening during an entire Democratic administration, so that will look massively sloppy in the eyes of pretty much every one, too bad Benghazi emails were not left that much under the radar, because that could have helped the Clinton election campaign immensely. Still, there are technology and resource issues. The fact that Booz Allen Hamilton gets mentioned again is unfortunate, yet this should only be a partial focus as they have 22,000 employees, so statistically speaking the number of transgressions is in that regard insignificant. What is significant is how these two got vetted and passed all their clearances. In addition to this there is the issue of operation centres. You see, if there have been data breaches, have there been system breaches? The question derives directly from the fact that data was taken off site and there were no flags or alerts for a decade. So at this point the valid question becomes whether NSOC and NTOC have similar flaws, which now places US Homeland Security in speculated direct data dangers. My consideration in this regard came from earlier mentions in this article. If any US opponent has a clue in this regard, what would be the repercussions, in addition, the question (due to my admitted ignorance) would be, did Edward Snowden have any knowledge of Harold Thomas Martin III, if so, was this revealed in any conversation Snowden would have had with a member of the FSB (there is absolutely no doubt that they had a ‘conversation’ with Edward Snowden whilst he was in sunny Moscow)? If so, what data dangers is Homeland Security facing? If data was copied, it is not impossible that data was moved. If that has happened, any data event with any specific flag?

Now the next example is purely fictional!

What if conditionally an <!important> (or whatever flag the NSA uses in their data sets) was added or removed? If it was used to give weight to certain data observations, like a cleaning pass, the pass would either be useless, or misdirecting. All possible just because Harold Thomas Martin III had to ‘satisfy’ his ego. This is not whether it happened or not, this is about whether it was possible, which would give added voice to the NSA issues in play and the reliability of data. This is a clear issue when we consider that false journalistic stories give way to doubt anything the journalist has written, any issue with a prosecutor and all those cases need reviewing, so do you think it is any different for IT people who have blatantly disregarded data security issues? This is not some Market Researcher who faked response data, this is collected data which would have been intervened with, endangering the people these systems should protect. As stated, this is speculative, but there is a reality in all this, so the NSA will need to sanitise data and sources from the last 10 years. There is no telling what they will dig up. For me it is interesting to see this regarding Snowden, because I had my issues with him and how he just got data away from there. Now there is a chance that the NSA gets to rename their servers to NSA_Siff_01 to NSA_Siff_nn, wouldn’t that be the rudest wake up call for them? I reckon they forgot the old rules, the one being that technology moves at the speed of your fastest employee + 1 and the human ego remain the most dangerous opponent when it involves security procedures.

 

 


Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force, in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back, to be a little more precise we need to turn to the moment 645 days ago when we read that Sony got hacked, it got hacked by none other than North Korea. It took me around an hour to stop laughing, the stomach cramps from laughter are still on my mind when I think back to that day. By the way, apart from me having degrees in this field, people a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse, as well as the list of sceptics and prominent names from the actual hacking world, all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions“. I am pretty sure that the FBI did not expect that this would bite them down the track. This all whilst they rejected the alternate hack theory that Cyber Intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more possible than the claim that some made. Another claim to have a giggle at came from Homeland Security, the quote was “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life“, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons, through The Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data). The subtitle gives us “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile worldly infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“, you see, here we see part of the fun that will now escalate.

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this, take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When the accused nation has 28 websites, it is, I agree, not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North-Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear given that the cyber branch of your organisations are not up to scratch. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting and learning a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that due to North Korean ‘expertise’, plenty of people will be asking questions. The time requirement to get the data that got taken was not something that happened overnight. For the simple reason that that much data would have lit up an internet backbone and every log alarm would have been ringing. The statement that the FBI made “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government” was laughable because of those pictures where we saw the Korean high-command behind a desktop system with a North Korean President sitting behind what is a mere desktop that has the computation equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull off the Sony caper you need stimulation, like a student would get at places like MIT, Stanford, or UTS. Peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have hardware and challenging people and equipment that could offer it, but North Korea does not have any of that. The entire visibility as you would see from those 28 domains would have required to be of much higher sophistication. You see, for a hacker, there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when in 2012 in Pyongyang I believe, a press bus took a wrong turn. When some reporters mentioned on how a North Korean (military I believe) had no clue on smartphones. I remember seeing it on the Dutch NOS News program. The level of interaction and ignorance within a military structure could not be maintained as such the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing, the fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to on the wrongful domain settings, which is essential in regards to the entire hacking side. 
The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this last but not least to those who prototype hacking solutions, as they need serious bandwidth to test how invisible they are (especially regarding streaming of Terabytes of Sony data), all these issues are surfacing from this mere article that the Guardian might have placed for entertainment value to news, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog ““It’s important to note this isn’t the domain name system for the internal intranet,” Williams wrote. “That isn’t accessible from the internet in any way.”” which is true to some extent. In that case take a look at the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat Security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds“, yes, I agree you do not get that much info from that, but it gives us to some extent usage, you see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings on intranet level have been missed, giving the ‘visitor’ options to a lot more information than most would expect. Another matter that the press missed (a few times), no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/), data needs to get from point to point, usually via a router, so the routers before it gets to North Korea, what were those addresses, how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. The fact that in January 2015 Sony gave the following statement “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“, I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server, to monitor all data traffic, giving indication that not only a weird way was used to get to the data (I speculated on an option that required it to be an inside job), yet more important, the fact that access had not been identified, meaning it was secured gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘ if threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get the threats to be a true unknown. That is at play then and it is still now. So if servers were compromised, Sony would need a better monitoring system. 
It’s my personal belief (and highly speculative) that Sony, like many other large companies have been cutting corners so certain checks and balances are not there, which makes a little sense in case of Sony with all those new expansions corners were possibly cut and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing exactly as incapable as I thought it was and there is a score of Cyber specialists, many of them a lot bigger than I will ever become stating the same. I am not convinced it was that simple to begin with, for one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, yet the expert levels were not on par so plenty of data would have been in danger of breaching. The question I had then and have now a lot louder is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be“. That is now truly a question that matters! Because if there is any truth to that speculation, then the question becomes how secure is your personal data and how unaware are the system controllers of those cloud servers? The question not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’ who can be trusted to get the people properly informed? Over the next days as we see how one element (the 28 sites) gives more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their Cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea, especially in light of the official response towards cyber security firm Norse what was going on.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites is no indication of Intranet or cybersecurity skills, they are indicative, when a nation has fewer websites than some third world villages, or their schools have. It is time to ask a few very serious questions, because skills only remain so through training and the infrastructure to test and to train incursions on a WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation, it makes even less sense.

Finally one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘the Interview’ from becoming a complete flop. You know that movie that ran in the US in 581 theatres and made globally $11,305,175 (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?

 


The Right Tone

Today we do not look at Ahmad Khan Rahami, we look at the engine behind it. First of all, let’s get ugly for a second. If you are an American, if you think that Edward Snowden was a ‘righteous dude’, then you are just as guilty as Ahmad Khan Rahami injuring 29 people. Let’s explain that to those who did not get through life through logic. You see, the US (read: NSA) needed to find ways to find extremists. This is because 9/11 taught them the hard way that certain support mechanisms were already in place for these people in the United States. The US government needed a much better warning system. PRISM might have been one of these systems. You see, that part is seen in the Guardian (at https://www.theguardian.com/us-news/2016/sep/20/ahmad-khan-rahami-father-fbi-terrorism-bombing), the quote that is important here is “Some investigators believe the bombs resemble designs released on to the internet by al-Qaida’s Yemeni affiliate through its Inspire publication“, PRISM would be the expert tool to scan for anyone opening or accessing those files. Those who get certain messages and attachments from the uploading locations. To state it differently “the NSA can use these PRISM requests to target communications that were encrypted when they travelled across the internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier“, so when a package is sent through the internet and delivered, it gets ‘dropped’, meaning the file is no longer required. The important part is that it is not deleted, it is, if we use the old terms ‘erased’, this is not the same! When it is deleted it is removed, when it is erased, that space is set as ‘available’ and until something else gets placed there it is still there. An example you will understand is: ‘temporary internet files’. When you use your browser things get saved on your computer, smartphone, you name it.
Until this is cleaned out, the system has that history and it can be recalled with the right tool at any given moment. PRISM allows one to find the paths and the access, so this now relates to the bomber, because if correct, PRISM could see if he had actually gotten the information from Inspire magazine. If so, a possible lone wolf would have been found. Now, the system is more complex than that, so there are other paths, but with PRISM in the open, criminals (especially terrorists) have gotten smarter and because PRISM is less effective, other means need to be found to find these people, which is a problem all by itself! This is why Edward Snowden is a traitor plain and simple! And every casualty is blood on his hands and on the hands of his supporters!

The right tone is about more than this, it is also about Ahmad Khan Rahami. You see, he would be a likely recruit for Islamic State and Al-Qaida, but the issue is that his profile is not clean, it is not the target recruit. You see, apart from his dad dobbing him in in 2014, he stands out too much. Lone wolves are like cutthroats. Until the deed is done, they tend to remain invisible (often remain invisible after the deed too). There is still a chance he allowed himself to be used as a tool, but the man could be in effect a slightly radicalised mental health case. You see, this person resembles the Australian Martin Place extremist more than the actual terrorists like we saw in Paris. I reckon that this is why he was not charged at present. For now he is charged with attempted murder (3 hours ago), yet not all answers have been found. You see, the quote “they had linked Rahami to Saturday’s bombing in Chelsea, another unexploded device found nearby, both constructed in pressure cookers packed with metallic fragmentation material. They also said he was believed to be linked to a pipe bomb that blew up in Seaside Park, New Jersey, on Saturday and explosive devices found in the town of Elizabeth on Sunday“, the proper people need to ascertain whether he is just the set-up, or a loser with two left hands. The FBI cannot work from the premise that they got lucky with a possible radicalised person with a 60% fail rate. If he is the start of actual lone wolves, PRISM should have been at the centre of finding these people that is if Snowden had not betrayed his nation. Now there is the real danger of additional casualties. I have always believed and still believe that a lot of Snowden did not add up, in many ways, most people with actual SELinux knowledge would know that the amount of data did not make sense, unless the NSA totally screwed up its own security (on multiple levels), and that is just the server and monitoring architecture, yet I digress (again).

The big picture is not just the US, it is a global problem as France found out the hard way and new methods are needed to find people like that. The right tone is about keeping the innocent safe and optional victims protected from harm. The truth here is that eggs will be broken, because an omelette like this needs a multitude of ingredients and not to mention a fair amount of eggs. The right tone is however a lot harder than many would guess. You see, even if Man Haron Monis (Martin Place Sydney) and Ahmad Khan Rahami both could be regarded as mental health cases (Man more than Ahmad), the issue of lone wolf support does not go away. Ahmad got to Inspire magazine in some way. Can that be tracked by the FBI cyber division? It might be a little easier after the fact, so it becomes about backtracking, but wouldn’t it have been great to do this proactively? It will be a while until this is resolved to the satisfaction of law enforcement and then still the question becomes, was he alone? Did he have support? You see a lone wolf, a radicalised person does not grow from within. Such a person requires coaching and ‘guidance’. Answers need to be found and a multitude of people will need to play the right tune, to the right rhythm. The right tone is not just a mere consideration, in matters like these it is like a red wire through it all. It is about interconnectivity and it is always messy. There is no clear package of events, with cash receipts and fingerprints. It is not even a legal question regarding what was more likely than not. The right tone is also in growing concern an issue of resources. It isn’t just prioritisation, it is the danger that mental health cases drain the resources required to go after the actual direct threats. With the pressures of Russia and the US growing, the stalemate of a new cold war front works in favour of Islamic state and the lone wolves who are linked to someone, but not usually know who. 
The workload on this surpasses the power of a google centre and those peanut places tend to be really expensive, so resource requirements cannot be met, so it becomes for us about a commonwealth partnership of availability which now brings local culture in play. The intelligence community needs a new kind of technological solution that is set on a different premise. Not just who is possibly guilty, but the ability of aggregation of data flags, where not to waste resources. For example, I have seen a copy of Inspire in the past, I have seen radicalised video (for the articles). I don’t mind being looked at, yet I hope they do not waste their time on me. I am not alone. There are thousands who through no intentional act become a person of investigative interest. You see, that is where pro-activity always had to be, who is possibly a threat to the lives of others? The technical ability to scrap possible threats at the earliest opportunity. Consider something like Missing Value Analysis. It is a technique to consider patterns. SPSS (now IBM Statistics) wrote this in its manual “The Missing Value Analysis option extends this power by giving you tools for discovering patterns of missing data that occur frequently in survey and other types of data and for dealing with data that contain missing values. Often in survey data, patterns become evident that will affect analysis. For example, you might find that people living in certain areas are reluctant to give their annual incomes, thus creating missing values in your data. If you leave these values out, are your statistical conclusions valid?” (Source: M.A. Hill, ‘SPSS Missing Value Analysis 7.5’, 1997). This is more to the point than you think. Consider that premise, that we replace ‘people living in certain areas are reluctant to give their annual incomes’ with ‘people reading certain magazines are reluctant to admit they read it’.
It sounds innocent enough when it is Playboy or Penthouse (denied to have been read by roughly 87.4% of the male teenage population), but what happens when it is a magazine like Inspire, or Stormfront? It is not just about the radicalised, long term it must be about the facilitators and the guides to that. Because the flock is in the long term not the problem, the herder is and data and intelligence will get us to that person. The method of getting us there is however a lot less clear and due to a few people not comprehending what they were doing with their short-sightedness, the image only became more complex. You see, the complexity is not just the ‘missing data’, it is that this is data that is set in a path, this entire equation becomes a lot more unclear (not complex) when the data is the result of omission and evasion. How the data became missing is a core attribute here. Statisticians like Heckman and Allison might have looked at it for the method of Business Intelligence, yet consider the following: “What if our data is missing but not at random? We must specify a model for the probability of missing data, which can be pretty challenging as it requires a good understanding of the data generating process. The Sample Selection Bias Model, by James Heckman, is a widely used method that you can apply in SAS using PROC QLIM (Heckman et al., 1998)“, this is not a regression where we look at missing income. We need to find the people who are tiptoeing on the net in ways to not get logged, or to get logged as someone else. That is the tough cookie that requires solutions that are currently incomplete or no longer working. And yes, all these issues would require to be addressed for lone wolves and mental cases alike.
A massive task that is growing at a speculated 500 work years each day, so as you can imagine, a guaranteed billion dollar future for whoever gets to solve it, I reckon massive wealth would be there for the person who could design the solution that shrinks the resource requirements by a mere 20%, so the market is still lucrative to say the least.

The right tone is an issue that can be achieved when the right people are handed the right tools for the job.


Did UKIP get it right?

That is a question that is slowly growing within the minds of Britons and non-Britons alike. Some will be in denial over it all, some will ignore their inner voice and some will ponder it. You see, once the banter and the mudslinging stops and people are sitting down thinking over a year in political waves, we are slowly getting the aftermath news and suddenly things are a lot less gloomy. Bloomberg gives us “There’s dwindling talk of a recession caused by the vote to leave the European Union, and British politicians are wondering if a “hard Brexit” option –rapid withdrawal from Europe without a new trade agreement – might be feasible. The answer is no. Such views rest upon bad economic reasoning and the cost of Brexit remains high, albeit mostly invisible for the time being“, is part of the news. You see, the scaremongers are now out of the view and the negative impacts, the ones we knew about are showing to be less negative than the scaremongers proclaimed. I agree and always did agree that the cost would be high. Mark Carney, Governor of the Bank of England had stated it, and in addition stated that there were elements that could not be forecasted. Which is also a truth. They are the invisible costs that will come and come again. The issue in my mind has always been, will it in the end be worth it (are the costs not unaffordably high) and I leaned more and more towards the Yes side!

You see, one of the main reasons for leaning towards Brexit was Mario Draghi. The trillion plus stimulus plans he had were too unfounded. Japan and the US are showing that there had been no clear increase whilst we hear opposite claims. The issue is actually brought to light by Bloomberg last week (at http://www.bloomberg.com/news/videos/2016-09-08/ecb-s-mario-draghi-downplays-more-stimulus), where we hear at 00:39 that there is an impact on the markets, but no real impact on the economy, which was my issue from the start. Politicians casually mixing both up in their speeches were playing, as I see it, a flim-flam artist dictionary game, trying to make us think it is one and the same, yet they all know that it is not. So no real impact yet well over a trillion deeper in debt, only those on the financial markets, only some of them got a big payday out of all of it, the rest just has to assist in paying off the invoice. It is one of the pillars UKIP had!

Now we see even more issues, especially when we see additional issues in City A.M. (at http://www.cityam.com/249335/christine-lagarde-and-mario-draghi-call-politicians-do-more), with the quote “Christine Lagarde, head of the International Monetary Fund (IMF) and Mario Draghi, president of the European Central Bank (ECB) said governments and institutions needed to make sure their policies did not leave the poorest members of society behind, and called for structural reforms to help share the spoils of economic growth“, the failure of the European Community laid bare! You see, the people on EEC incomes have been meeting and not getting anywhere for almost 15 years now! The fact that tax laws and Corporate laws required revision even before 2004 as a requirement and after 2004 as a given is shown that none of this has been adequately done. The fact that the US played its cards in the Summit in the Netherlands in 2013, we all knew how that ended, so as we see that some are now crying cockroach, whilst littering food all over the floor only have themselves to thank for this situation. This all reflects back on the initial issue UKIP gave, ‘let’s make Britain about the British’. This is not racism, this is nationalism (read: nationalistic pride). An issue that neither Christine Lagarde nor Mario Draghi could resolve as they have been setting a neutral pose in aid of large corporations for far too long.

The next issue is the economic plan B that is now all over the news. The powerful monetary tool (TLTRO) that at 1:37 comes with the quote “that nobody has really fully understood or analysed“, and that is the plan B they are now grasping for!

TLTRO?

It is not a cereal or breakfast solution. It is a Targeted Long-Term Refinancing Operation. The ECB states “provide financing to credit institutions for periods of up to four years. They offer long-term funding at attractive conditions to banks in order to further ease private sector credit conditions and stimulate bank lending to the real economy“, that sounds nice on paper, but if we know that the impact is not understood, has never been analysed to the effect it is, this all whilst we know that taxation laws are failing and corporate laws are not up to scratch, the ECB quote could be translated to “provide financing to credit institutions for periods of up to four years. They offer a refinancing of the current outstanding debts to banks, guaranteeing large bonuses by resetting bad debts and revitalising the conditions of what were supposed to be written off debts, giving a false incentive to a dangerous presented economy at present“, you see, I am almost stating the same whilst the intent completely changes, the markets are now getting a boost via the other side. This is a reality we could face!

You see, the view is given with “All the new operations will have a four-year maturity, with the possibility of repayment after two years” (at https://www.ecb.europa.eu/press/pr/date/2016/html/pr160310_1.en.html), yet like the US, Greece and Japan, it is almost a given (speculation from my side) that these maturities will be paid with new debts. When we see the quote “Counterparties will be able to repay the amounts borrowed under TLTRO II at a quarterly frequency starting two years from the settlement of each operation. Counterparties will not be subject to mandatory early repayments” gives way to the thought that it is entirely possible that when the debts mature, they could be replaced by a new debt. Giving weight to the dangers. The fact that the option ‘not subject to early repayments’ is clearly included gives ample weight to the solution, whilst not preventing additional debts from this rephrased stimulus. In the end, the economy will not prosper, the rise of the debt will. Whilst under the debts the UK already is, these arrangements are as I see it too dangerous, all this as the increase of debts only give rise and power to non-governmental institutions to grow their influence via corporations over nations. One of the better players (Natixis), had this quote “Natixis Asset Management ranks among the leading European asset managers with €328.6 billion in assets under management” (source at present intentionally omitted), with the TLTRO in play, depending on the rules of the game (which were not available to me at present), it is entirely possible that once really in play, banks can indirectly refinance risky debts in additional loans via the applicant and as such get themselves a boost. It could potentially allow Natixis to grow its asset management part up to 20%.
The ECB states (at https://www.ecb.europa.eu/mopo/implement/omo/tltro/html/index.en.html) “The TLTROs are targeted operations, as the amount that banks can borrow is linked to their loans to non-financial corporations and households“, so basically companies in hardship can get relief, whilst the banks will still get their cut (aka administration and processing fee). Consider that Wealth Management is many things and Estate planning is one, now consider that Natixis has Credit and counterparty risks amounting in excess to 295 billion euros. Now there is a Draghi solution, one that no one seems to have ‘analysed’ that allows for solutions to non-financial corporations. Natixis is that, but their clients are not, and they can apply for the shifted funds, offsetting their loans, paying off the loans towards Natixis, who now have a massive amount of freed up cash that they can now pour into all kinds of solutions and endeavours. So do you still think that my view of 20% is oversimplified? And in 4 years? Well at that point, when things go south, Natixis and parties alike can jump in and possibly help out, ‘but at a price’ (which is fair enough).

This now reflects back to UKIP and Brexit!

The Guardian had an opinion piece (at https://www.theguardian.com/commentisfree/2014/sep/14/ttip-deal-british-sovereignty-cameron-ukip-treaty), that gives us the following, remember this is September 2014! “If you are worried about the power of corporations over our democracy, be very afraid: ISDS in effect grants multinationals the same legal position as a nation-state itself, and allows them to sue sovereign governments in so-called arbitration tribunals on the grounds that their profits are threatened by government policies. Is this scaremongering, as TTIP supporters claim?” So far there have been many voices who seem to be over the moon that the TTIP is now a failure and that the issues within the EU would have been far more reaching than many players were willing to admit to before the signing. Politico.eu reported “U.S. diplomats are sketching out a last-ditch plan to salvage core sections of the EU’s moribund trade deal with Washington“, that with the added “U.S. and Italian officials are now weighing the option of a “Step 1” deal to lock in elements that can be finalized by December, possibly including joint testing regimes and mutually agreed upon standards for cars, pharmaceuticals and medical devices“. It is clear that the US want to lock in Pharmaceuticals and cars, yet how is such a niche nothing more than a path trying to ditch the title ‘total loser government’ regarding the current administration. In addition “The idea has sparked immediate scepticism in the European Commission and in some EU member countries, which argue that any form of a downgraded deal will be very hard to sell politically, particularly after French Trade Minister Matthias Fekl and German Economy Minister Sigmar Gabriel turned hostile on the negotiations” gives way that BMW, Mercedes, Bayer Pharmaceuticals, Peugeot, Citroen and Sanofi are none too pleased with such a one sided piece of paper.
The idea that such set benefits would be allotted at this point gives even more weight to some of the UKIP statements in the past.

If 2 out of the many projections come true, you are not suddenly a better prognosticator, mainly because that title is reserved for the likes of Punxsutawney Phil, Queen Charlotte and Shubenacadie Sam. Let’s face it, it is the title worthy of a groundhog! But some of these steps were clearly seen, because this is where everything was headed, the more forward you look, the easier the prediction could come true is not wrong, but only if you are travelling on a straight road. A road that corporate greed depends on I might say!

In my view, there is not enough to state that UKIP got it right, yet there are also enough facts and questions in play that UKIP did not get it wrong. We might listen to those who keep on shouting that Brexit was wrong and see them as the people trying to reinvent the vote, but overall people are starting to realise that the US (read Wall Street) has been trying to give people a bad deal to benefit their own greed. The fact that this is going on at this very minute is equally a worry. This is on both sides of the aisle, yet we can understand that Labour needs to clean house and they have decided on the method of accidentally leaking names. How will that solve anything? If Labour was on the ball, then they would be steering towards real economic improvements, not bickering minors trying to decide who should be the number two, and soon thereafter remove the number one (read: allegedly attempt to). Actions that are totally counterproductive as the Conservatives are governing until the next general elections. It seems like such a waste of energy to me.

Now we see a new escalation. It seems (at http://www.ibtimes.co.uk/jean-claude-juncker-proposes-new-european-military-hq-worj-towards-eu-army-1581391). So the quote “The president of the European Commission Jean-Claude Juncker has called for a European Union military headquarters to work towards an EU-controlled army. Juncker made the proposals during his State of the Union address to MEPs in Strasbourg on Wednesday (14 September)“, which automatically makes me wonder how this correlates with Nazi Germany as this was how they resolved their bad economic times. It is a harsh history lesson to learn, but in that I am actually less afraid for a ‘new’ Nazi Europe. My issue is that many nations have their Cyber plan not in hand and any actions here give rise to the dangers that this would open up data for the Chinese Cyber groups to learn a lot more than they bargained for. You see, no matter how much denial we see, the facts are simple, Ren Zhengfei is the Huawei CEO and a former officer for the PLA. Now this does not mean that he is now still committed to the PLA, yet Huawei does business with the Chinese government and as such, they have all the specs and as such, they have all the weaknesses of these devices too, meaning that governments all over Europe are in a possible place of Cyber Scrutiny. This does not mean that I am willing to just blindly accept the NSA report, but ties like that, when you are on these levels talking to the ruling members of Chinese government, you need to be networking on a massive scale and if both the Chinese military and Chinese Intelligence (MSS) gives you the thumbs up, you have been playing the game they want you to play, plain and simple. By the way, this is not a rant, or a side step into the matter, this is a direct factual response. Nigel Farage addressed the EU on an EU Army opposing it on valid points, and he got a few more hands clapping than his opponents are comfortable with.
Now this was about opposition of the EU army as a whole, but underneath is the need for any military organisation to be secure and have systems in place, systems that could be compromised. In this Huawei could validly give the same argument that all Cisco Systems are compromised by the CIA and NSA. As we cannot prove either side, or perhaps even both sides, how to proceed? Both sides would be fair enough and it only makes a case strong enough to not proceed with any EU Army, which is no solution to any existing threat, will cost massive amounts of money (and that is just the initial infrastructure) and with the current upcoming changes to the EC as a whole. Especially as Marine Le Pen has vowed to hold the French referendum if she is elected, this whilst several European magazines are now stating that France can no longer avoid Frexit (at https://www.letemps.ch/economie/2016/09/12/france-ne-pourra-eviter-frexit), which I stated was a growing realistic danger if Brexit would commence, in addition, Italy is seeding its own departure later this year, but no given certainty exists at present.

All these parts I gave visibility to almost 2 years ago, the press still largely in denial and additional players are now coming out to (as I personally see it) fill their pockets as fast as possible because when this comes to town and the referendums do fall, certain people will have to give account of their actions. The fact will remain that the Credit Card that Mario Draghi used will be spread over several nations, most of them with no option to get into deeper debt. So they have this to look forward to. In Italy there seems to be a plus side, as the larger players are now looking towards the option of a referendum, the act as such seems to be taking the wind out of the sails of Matteo Salvini, head of the far-right Lega Nord, which is regarded as a relief in many European nations. They seem to regard Matteo Salvini the same way that they regard the French Newspaper Minute, too far to the right and not really that readable. I cannot confirm that (as my French does not surpass the ability to read a menu), but I understand the sentiment as there have been Dutch papers on the other side of the political aisle receiving similar accusations.

In the end Europe is about to take economic steps with large implications, the fact that they are trying to push it through regardless of whatever consideration it required, which makes me worried on the fact that the impact on the European populations has been ignored for too long. The weird thing is that any action should have been in support of the European population and their needs, giving weight to more than one statement from the side of Nigel Farage.

I would suggest you ponder those facts before blindly moving into the Bremain field in the near future, because there are several issues that no one can answer and they come with obscenely high price tags!

 


Filed under Finance, Law, Media, Politics

Within the realm of privacy

We all have an inherent need for privacy, we want things to be at our leisure of contemplated sharing. Yet, what is privacy? On one side we want privacy, but the next moment ladies will share whether their carpet is a landing strip or a martini glass, I for one do not care. If they want to share certain parts that’s fine with me. I am not too much about sharing. On the other side, apart from a few MP3 files, there is nothing interesting on my mobile. I reckon that my mobile is one of the dullest ones around.

So when I initially heard about the FBI wanting to access the iPhone of Syed Farook, I shrugged my shoulders and went ‘whatever!’ meaning that I was not opposed and I did not care. It was the techdirt site that has an interesting fact from the court case.

“Footnote 7, on page 18 details four possible ways that Apple and the FBI had previously discussed accessing the content on the device without having to undermine the basic security system of the iPhone, and one of them only failed because Farook’s employers reset the password after the attacks, in an attempt to get into the device“, so the boss went into ‘auto-moronic’ mode and did not check? He acted without knowing? So when we see “The ‘owner’ of course, being the San Bernardino Health Department, who employed Farook and gave him the phone. Basically, what this is saying is that if the password hadn’t been reset, it would have been possible to try to connect the phone to a ‘trusted’ network, and force an automatic backup to iCloud — which (as has been previously noted) was available to the FBI. But by ‘changing’ the password, apparently that option went away“, should we consider that his boss was stupid, or that his boss was scared he had done something wrong and this was his/her way of covering the mess up? (at https://www.techdirt.com/articles/20160219/17463033656/footnote-reveals-that-san-bernardino-health-dept-reset-syed-farooks-password-which-is-why-were-now-this-mess.shtml).

For the record, that was clear speculation on my side!

What happened was that Apple, the firm that initially ‘screwed over’ its customer base with error 53. A few days ago, the Guardian reported ‘Apple ordered to decrypt iPhone of San Bernardino shooter for FBI‘ (at http://www.theguardian.com/us-news/2016/feb/17/apple-ordered-to-hack-iphone-of-san-bernardino-shooter-for-fbi). In there we see the important quote: “In 2014, Apple began making iPhones with additional encryption software that they said they could not unlock, even if faced with a court order. Apple said this was done in the name of consumer privacy and cybersecurity, but the company has been locked in a public feud with the FBI since“. I understand that there is a need for privacy. My issue is why THIS level of privacy is needed. One could speculate that this is to keep the financial adviser’s customer base happy. I reckon that those people look for other means the moment their actions could be monitored, or investigated afterwards. Again, speculation from my side.

You see, I do not comprehend why law abiding citizens are so in fear, of what the government finds out. Most people can’t stop selfie themselves, their fashion and body parts to social media on a global scale. They tend to Facebook all details, especially when they are far away from home to ‘all’ their friends, so that the department of discreet entry and removal operations can empty their homestead in the meantime. With so much sharing, what privacy do you think you still have?

So back to the Granny Smith of automation, the next article (again the Guardian) gives us ‘FBI escalates war with Apple: ‘marketing’ bigger concern than terror‘ (at http://www.theguardian.com/technology/2016/feb/19/fbi-apple-san-bernardino-shooter-court-order-iphone), here we see the subtitle ‘Court filing from Department of Justice says Apple is more concerned with ‘its marketing strategy’ than helping FBI unlock San Bernardino shooter’s iPhone‘, which is fair enough when we consider that a failed marketing equals an alleged death in those houses. The quote “Cook called for public debate and has been backed in his fight by some of tech’s biggest names, including Google’s chief executive Sundar Pichai, WhatsApp and whistle-blower Edward Snowden“. I think that this is less about Americans and more about the 7 billion non-Americans that have this false fear of the CIA and the NSA. Yet in all this, the only true group to fear this is the 0.0001% of the population, I do not even register and in that regard most do not even register. Like the previous mass surveillance marketing ploy, simple fear mongering.

Now, let it be said that I have nothing against a person’s privacy and there is nothing wrong with wanting privacy, yet when we consider the 1.5 billion on Facebook, the 100 million on Instagram, the 307 million on Twitter and over 100 million users on Pinterest, we have well over 80% of the iPhone users on social media all sharing from mere events attended up to the grooming of the most private of parts, which makes the shout for privacy a little too hilarious.

So how does this fit legally?

Well first there is the part that the DoJ is now relying on. It is the All Writs Act of 1789, which states “The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law“, which sounds rather nice,

Yet the fact that the DoJ needs to rely on an act that has, according to several press sources, only been used thrice is a little too novel.

When we consider that the ‘self-destruct’ was enabled by Farook’s boss (making the device useless to thieves), only leaves the DoJ without options. What is interesting is when the last cloud backup has happened, had it happened at all? Too many questions that are all in the realm of speculation and none of it gives way to legislation. The question becomes should it be? I am not opposing the FBI, CIA or NSA. Yet these alphabet groups do know that they are fishing in murky waters. You cannot expect a corporation to set a product meant for 1,000 million to have options for the internally built exemption of 5,000-7,000 users. The math just does not add up!

I was talking about the legality, so let’s continue there.

In McCabe v British American Tobacco Australia Services Ltd, and the appeal, British American Tobacco Australia Services Ltd v Cowell (Representing the Estate of McCabe (deceased)), exposed some of the difficulties that plaintiffs who sue large corporations may face in litigation involving access to documentation. The Victorian Court of Appeal reversed the first instance decision which had struck out the defence of a tobacco company (‘BAT’). The basis for the first instance decision was that BAT had systematically destroyed documents that might have been relevant to the plaintiff’s case. It is important to state WHO destroyed documents. You see, in case of Farook it was the boss who ‘destroyed’ the options for information retrieval. The important issue is that INTENT becomes near impossible to prove. In addition that case gives us: “The High Court declined the opportunity to clarify the law in this important area by refusing leave to appeal. The effect of this case, absent statutory reform, is that corporations may destroy potential evidence provided that their actions do not constitute an attempt to pervert the course of justice or a contempt of court. These are notoriously difficult to establish” (source: Playing for keeps? Tobacco litigation, document retention, corporate culture and legal ethics by Matthew Harvey and Suzanne Lemire). The reason for going towards this case is that the entire approach to mobile architecture and auto-backup could instigate updates where the mirror is encrypted extern from Apple. Which means that any phone would have an XML set-up and data object, but the object would be irretrievable. The ‘responsibility’ for proper password maintenance would be kept with the ‘client’ or end user. Taking Apple out of the equation leaving the DoJ with the apple pie made from the famous Granny Smith (AKA Janet Abigail Doe).

This takes the entire cyber conversation towards Spoliated Evidence, where we see “a party is faced with the fact that certain key evidence has been destroyed, altered, or simply lost“, destroyed implies intent, but proving that is next to impossible (which got us the tobacco case). Altered is basically what the DoJ faces as the boss decided to reset the password, again malicious intent becomes next to impossible to prove, whilst lost is not in play in this case but could clearly complicate the issue if that was the case, as the DoJ would have no implied evidence at all.

This entire endeavour goes even further south when we consider Federal Insurance Co. v. Allister, 622 So. 2d 1348, 1351 (Fla. 4th DCA 1993), where the Fourth District decided to set forth five factors to consider before imposing sanctions for spoliation of evidence. They were:

  • whether there is prejudice;
  • whether the prejudice can be cured;
  • the practical importance of the evidence;
  • the good faith or bad faith surrounding the loss of evidence;
  • possible abuse if the evidence is not excluded.

As bad faith is now linked to the degree of wilfulness, we get back to intent. If mere ‘negligent loss’ does not cut the cake and the cake cannot be devoured without the essential evidence, the entire issue goes nowhere really fast. Basically, it boils down to the boss of Farook having one set of glasses on with the limiting mindset of cost if his mobile was ‘abused in usage’, leaving Apple in the clear shrugging their shoulders going ‘not my problem now’, whilst in all this we are left with no evidence linking to intent or malice. That small scope that was available will in all expectations be diminished further. It basically solves all of Apple’s problems.

In the need for privacy we have gone from exceptionally rare to just hilariously ridiculous. The Guardian article (at http://www.theguardian.com/technology/2016/feb/20/apple-fbi-iphone-explainer-san-bernardino) shows in equal measure another side. Which comes from Senator Ron Wyden, Democrat from Oregon. Here we read “Some are calling for the United States to weaken Americans’ cybersecurity by undermining strong encryption with backdoors for the government,” he wrote on Medium on Friday afternoon. “But security experts have shown again and again that weakening encryption will make it easier for foreign hackers, criminals and spies to break into Americans’ bank accounts, health records and phones, without preventing terrorists from ‘going dark’“, as such correctly implying that the medication will end up being a lot worse than the disease they face. In addition to that, should Farook have relied on another path, for example receive orders and message a ‘guild’ within a Facebook RPG game, the wasted time on the iPhone becomes nothing more than an iconic episode of the Comedy Capers. With these games receiving billions of messages a day, parsing through 1 of a dozen games would take years. The fact that none of this required any encrypted Android or iOS system, just a mere desktop like millions of students use makes for the case against the Alphabet teams. When looking at Extremetech, we see a quote that is important in all this, the quote: “how terrorist organization uses social media to spread its message and radicalize curious readers. GWU’s research found that while ISIS uses a wide range of services, including Facebook, Google Plus, Kik, WhatsApp, and Tumblr, Twitter is the social media site of choice. Twitter already patrols and bans the accounts of ISIS supporters“, it casually forgets the 3-4 dozen accounts that do not raise any flags, the accounts that ACTUALLY bring details of the attacks to the transgressors.

 

 

 


Filed under IT, Law, Media, Politics

Where are my lenses?

For a moment I was contemplating the Guardian article ‘National borders are becoming irrelevant, says John McDonnell‘, which could be seen as a load of labour by the Bollocks party, or is that a load of bollocks by the Labour party? Anyway, the article was so shaky that it did not deserve the paper to explain the load of bollocks in there. What is however an interesting article, is the article in the National Security section of the Washington Post. The article “‘Eyewash’: How the CIA deceives its own workforce about operations” is worthy of digging into for a few reasons (at https://www.washingtonpost.com/world/national-security/eyewash-how-the-cia-deceives-its-own-workforce-about-operations/2016/01/31/c00f5a78-c53d-11e5-9693-933a4d31bcc8_story.html).

Initially, the very first thought I had was regarding Lao Tsu, who gave us the quote: ‘Those who know do not speak. Those who speak do not know‘, which is a truth in all this.

Apart from the title, the first quote to look at is: “Senior CIA officials have for years intentionally deceived parts of the agency workforce by transmitting internal memos that contain false information about operations and sources overseas“, there are a number of issues here, but let’s focus on one thread for now.

You see the second quote “Agency veterans described the tactic as an infrequent but important security measure, a means of protecting vital secrets by inserting fake communications into routine cable traffic while using separate channels to convey accurate information to cleared recipients” is at the very core of this.

No matter how you slice and dice it, the CIA has had a number of issues since 2002. The first is that after two planes got the wrong end of a vertical runway, the game changed, suddenly there was a massive overhaul and suddenly it had to deal with the United States Department of Homeland Security. In 2002 the DHS combined 22 different federal departments and agencies into a unified, integrated cabinet agency. More important, the DHS was working within and outside of American borders.

Now, the blissfully ignorant (including a host of politicians) seemed to live with the notion that under one flag and united, these people would start playing nice. Now, apart from that being a joke of titanic proportions, hilarious and all, the reality is far from that. You see, both the FBI and the CIA (not to mention the NSA) suddenly had to worry about 240,000 people, 240,000 security screenings. What do you think was going to happen? The issue of ‘false information about operations and sources overseas‘ is not an issue until you try to exploit that information, which means that you are doing something ILLEGAL (to the extent of being worthy of a shot through the back of the head). ‘Eyewash’ is only one cog in a vast machine of smokescreens that counterintelligence has to see how certain tracks of misinformation makes it outside the walls of intelligent wailing. You must have heard the story of the Senator/Governor who has a ‘friend’ in the CIA, not all those ‘friends’ are working valid paths. The intelligence community is a closed one for a reason. There is a clear chain of command, which means that the CIA has a chain of command and if a Senator or a Governor wants information, there is a clear path that he/she walks, from that point a politician gets informed if that person is allowed or has a valid reason for knowing. If anyone needs to move outside that path, you better believe that it is for political or personal reasons!

Now we get the quote that matters “officials said there is no clear mechanism for labelling eyewash cables or distinguishing them from legitimate records being examined by the CIA’s inspector general, turned over to Congress or declassified for historians“, I am not sure that this is correct. The question becomes what paths and what changes were pushed through in the last 2 administrations? I am willing to contemplate that errors have popped up since the Bush Government, yet in all this the parties seem to forget that the DHS was a political solution pushed through by politicians within a year. I know at least three companies that seriously screwed up a reorganisation of no more than 1,500 people over the period of 2 years, so what did you think would happen when 240,000 people get pushed all over the place? In addition, when a massive chunk of the intelligence section went private to get an income that was 400% better than their previous income (same place, same job), additional issues became their own level of a problem within the DHS, CIA, FBI (and again the non-mentioned NSA).

There were all levels of iterative issues in DATAINT, SIGINT, IT and Tradecraft. Names like Bradley/Chelsea Manning and Edward Snowden might be the most visible ones, but I feel 99.99993422% certain (roughly), that there were more. Eyewash is one of the methods essential to keep others off balance and in the dark what actually was going on, because it was not their business or place to know this. This gets us to the following quotes “But a second set of instructions sent to a smaller circle of recipients told them to disregard the other message and that the mission could proceed” and ““The people in the outer levels who didn’t have insider access were being lied to,” said a U.S. official familiar with the report. “They were being intentionally deceived.”“, now consider this quote from another source “Having DOOMED SPIES, doing certain things openly for purposes of deception, and allowing our spies to know of them and report them to the enemy“, which comes from chapter 13 of Sun Tzu’s ‘The Art of War‘, a book that is almost 2,500 years old, and the tactic remains a valid one. Should you consider that to be hollow, then consider the little hiccup that the British Empire faced (I just love the old titles). Perhaps you remember the names: Kim Philby, Donald Duart Maclean, Guy Burgess and Anthony Blunt. They made a massive mess of British Intelligence, it took them years to clean up the mess those four had left behind, now consider adding 245,000 names, for the most none of them had passed CIA and/or FBI clearances. So what options did the CIA have? In addition, as we saw more and more evidence of the events linking to Edward Snowden, additional questions on the clearing process should be asked in equal measure, which leads to: ‘What options did the CIA have?’

In that light, the quote “Federal law makes it a criminal offense when a government employee “conceals, covers up, falsifies or makes a false entry” in an official record. Legal experts said they knew of no special exemption for the CIA, nor any attempt to prosecute agency officials for alleged violations” becomes little more than a joke, for the mere reason that not making the intelligence community exempt from this would be a very dangerous issue indeed. You see, today the CIA has a larger issue than just small players like North Korea, it has to deal with business conglomerates all over the world and they have become close to sovereign financial entities in their own right. What happens when a Senator chooses to take a book filled with intelligence anecdotes, just because it is an American Corporation? What happens when he gets the multi-billion dollar deal and he only has to ‘sweeten’ the deal a little? This is entering a grey area that most regard to be a grey area no one wants to touch, but what if it is not a high ranking official? What if it is just a mid-level controller, or a mere IT member looking for a retirement fund? Suddenly, this scenario became a whole lot more realistic, didn’t it?

Eyewash is just one cog in a machine of cogs, it drives a certain amount of cogs of the machine and as certain levels of Intel makes it outside of the walls, counterintelligence has a path to trot on, the article only lightly (too lightly) treads on those elements (yet they are mentioned), but the overall issue of internal dangers that the CIA (et al) faces are almost trivialised, in addition, the entire issue of the DHS and the linked dangers of intelligence access remains untouched. That is perhaps the only issue the article has. Well, from my point it has a few more, like undervaluing the need for counter intelligence and the fact that this tactic had been around for around 2,500 years, but let’s not squabble on minor details.

The only additional minor detail I would like to add is that in all this is the missing component of the chain of command towards the Director of National Intelligence (which at present is James Clapper), in opposition, there is no denying that there is an issue that the internal mechanisms for managing eyewash cables were largely informal, which is an issue, even if there would be a clear document, likely higher than Top Secret within the CIA on how to identify and/or classify eyewash cables. Which now only leaves us with the Eyewash cables by No Such Agency like the CIA, but that is something for another day.

 


Filed under IT, Media, Military, Politics