Tag Archives: NSA

In light of the evidence

We tend to accept facts and given situations whenever we have a reliable source and a decent level of evidence. The interesting side is that howling to the moon like a group of sheep hoping the lone wolf will not hear them is an equally weird revelation. The question becomes at that point, who is the lone wolf and who are the sheep, because neither position nor identity is a given. Now, for the first art, we have the Guardian article (at https://www.theguardian.com/politics/2017/may/27/eu-theresa-may-combat-terror-brexit-europol), with the expected title ‘We need deal with the EU to combat terror, experts tell Theresa May‘, which of course gets them the DGSE, yet the usefulness of the rest becomes a bit of an issue. For this part we need to look somewhere else, and we will do that after the given quote in the mentioned article “Although our partnership with the US for intelligence sharing is extremely important, the fact is that the current terrorist threat is very much a European dimension issue. The Schengen database and knowing about who has moved where are all intimately dependent on European systems and we have got to try to remain in them“. This could be a valid and valued statement, yet is that truly the case? For this we need to take a little gander to another place of intelligence and Intel interest. The Cyber monkeys, or is that the cyber-mercenaries? The difference is merely a moment when you WannaCry 1.4. You will have heard, or perhaps read regarding the NHS as it was struck, here again we see: “However, it instead appears to be down to organisations and individuals failing to run keep Windows up to date“, which was actually voiced by NHS Digital, the failure of policies as they were not adhered to by IT staff, or at least those responsible for keeping those PC’s up to date with patches. The second quote given much earlier in the IT article is ““To be abundantly clear, the recent speculation concerning WannaCry attributes the malware to the Lazarus Group, not to North Korea, and even those connections are premature and not wholly convincing,” wrote James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT)“, which is where I have been all along. The one nation that has less computer and internet innovation than a Nintendo GameCube sets this level of hardship? It is just too whack for thought. It is the quote “At best, WannaCry either borrowed heavily from outdated Lazarus code and failed to change elements, such as calls to C2 servers, or WannaCry was a side campaign of a minuscule subcontractor or group within the massive cybercriminal Lazarus APT” that changes the game. In addition we see: “The publication referred to “digital crumbs” that the cyber security firm had traced to previous attacks widely attributed to North Korea, like the Sony Pictures hack in late 2014″, we will exclude the quote “Shadow health secretary Jon Ashworth has said Labour would invest an extra £5 billion into new IT infrastructure for the NHS, after hospitals and services were affected by the widespread Ransomware attack on Friday“, especially as Labour had in the previous government wasted £11.2 billion on an IT system that never worked, so keeping them away from it all seems to be an essential first.

The issue is now in several phases. Who got hit (those not updating their systems). It affected according to some sources thousands of systems, yet when it comes to backtracking to a point of origin, the Cyber Intelligence groups remain unclear. The IT article (at http://www.itpro.co.uk/security/28648/nhs-ransomware-north-korea-may-not-be-behind-wannacry), gives us a few things, yet the clear reference to the Guardians of Peace, the identity the hackers had given themselves in the Sony event gives a few additional worries. Either this is clearly a mercenary group without identity, or we have a common new issue on identity when it comes to Cyber criminals. You see, as we see more and more proclaiming the links between the Lazarus group and North Korea, we do not get to see a clear link of evidence. Many sources give us ‘could be linked‘, or ‘highly likely‘, which is an issue. It makes the evidence too shallow and circumstantial. The NY Times gives us (at https://www.nytimes.com/2017/05/22/technology/north-korea-ransomware-attack.html) yet they are basically stating what Symantec game us and mention that. My issue here is “But the hackers left behind a trail of digital crumbs that Mr Chien and his colleagues had traced to previous attacks by the Lazarus Group“, what if the crumbs were an intentional side? You see, the quote “another group of hackers that call themselves the Shadow Brokers published the details of National Security Agency hacking tools that the WannaCry hackers were able to use to add muscle to their attacks” give a different light. The fact that there is a team reengineering tools and flaws to get somewhere fast is one. We have seen the lack of actual cyberpower of North Korea in the past, the fact that they are regarded on the same level as Chinese Cyber forces is a bit silly. You see, any country has its own level of savants, yet the fact that North Korea, a nation as isolated as it is, gets to be on par with China, an actual superpower that has Cyber infrastructures, experts at the University of Shanghai (the white paper on cracking AES-256, 2001), as well as a growing IT technology base is just a little too whack.

This now reflects back to the European need of Schengen. The UK needs quality intelligence and with the US breaches of Manchester, the fact that no high quality evidence was ever given regarding the Sony Hack, the growing source of all kinds of hacker names and no validity or confirmable way to identify these groups leaves us with a mess that pretty much anyone could have done this. In light of the NSA flaw finders, there is now more evidence in the open giving the speculative hacker as one with skills that equal and surpass people graduating with high honours at MIT, than anything North Korea could produce. It does not put North Korea in the clear (well the fact that the generals there had no comprehension of a smartphone should be regarded as such), and as we see the entire Bitcoin go forward, we need to take more critical looks at the given evidence and who is giving that evidence. We all agree that places like Symantec and Kaspersky should be highly regarded, yet I get the feeling that their own interns know more about hacking then the sum of the population of all North Koreans do, which is saying a lot. We see supportive evidence in the Business Insider (at http://www.businessinsider.com/wannacry-ransomware-attack-oddities-2017-5). Here we see IBM with “IBM Security’s Caleb Barlow, researchers are still unsure exactly how the malware spread in the first place. Most cybersecurity companies have blamed phishing emails — messages containing malicious attachments or links to files — that download the ransomware. That’s how most ransomware finds its way onto victims’ computers. The problem in the WannaCry case is that despite digging through the company’s database of more than 1 billion emails dating back to March 1, Barlow’s team could find none linked to the attack“, one billion emails! That is what we call actual evidence and here IBM is claiming that the issue of HOW the malware spread remains a mystery. Now, can you see that the entire North Korean issue is out of touch with the reality of Common Cyber Sense and Actual Cyber Security? Two elements, both are essential in all this. It is the lack of actual evidence that seems to be the issue, giving us the question, who wants the North Korea issue propagated? Any answer here is more likely to be political than anything else, which now gives us additional questions on where for Pete’s sake the need of European Intelligence remains as they fall short of providing answers. In light of the Schengen database. Why would that not be shared? If the US has access as a non-European, non-EC nation, why would the UK, a clear European nation be barred from access? With all the flawed acts by the US, having actual professionals look at Schengen data, seems to be an elemental first, would you not agree?

An additional question would be on how these Bitcoins would be cashed, it is not like an isolated nation like North Korea ever had a flying business in Bitcoins in the first place. It is actually (yes, I am shocked too), that quality information comes from PwC. In this case Marin Ivezic, a cyber-security partner. He gives us “EternalBlue (the hacking tool) has now demonstrated the ROI (return on investment) of the right sort of worm and this will become the focus of research for cybercriminals“, which would be a clear focus for veteran cyber criminals, yet the entire re-engineering foundation gives another slice of circumstantial evidence that moves us actually away from North Korea. So in this we have two elements. As the FBI and CIA have been all about pointing towards North Korea, the question becomes, where do they not want us to look and whatever else do they not have a handle on? These points are essential because we are shown an elemental flaw in Intelligence. When the source is no longer reliable, why would they be around in the first place? We can agree that governments do not have the goods on Cyber criminals, because getting anything of decent value, tends to require inside knowledge, which is the hardest to get in any case, especially with a group as paranoid as cyber criminals. The second side is that China and Russia were on the list as one of the few abled parties to get through Sony, yet Russia has fallen of the map completely in the last case, that whilst they are actually strengthening ties with North Korea. That does not make them guilty, yet on the sale required Russia was one of the few with such levels of Cyber skills. The fact that we see in the NY Times that it is too early to blame North Korea is equally some evidence, it gives vision to the fact that there are too many unknowns and when IBM cannot give view of any mail that propagated the worm, gives additional consideration that there are other places who cannot claim or show correctly how the worm got started, which is now an additional concern for anyone altering the work for additional harm. As the point of infection is not known, stopping the infection becomes increasingly difficult, any GP can tell you that side of the virus. There is one more side I would like to raise. This comes from a source (at http://securityaffairs.co/wordpress/59458/breaking-news/wannacry-linguistic-analysis.html), it is not a journalistic source, or a verified source, so please take consideration that this news could be correct. It is however compelling. The quote ““The text uses certain terms that further narrow down a geographic location. One term, “礼拜” for “week,” is more common in South China, Hong Kong, Taiwan, or Singapore. The other “杀毒软件” for “anti-virus” is more common in the Chinese mainland.” Continues the analysis “Perhaps most compelling, the Chinese note contains substantial content not present in any other version of the note, is lengthier, and differs slightly in format.” The English note of the ransomware appears well written, but it contains a major grammar mistake that suggests its author is either not a native speaker or possibly someone poorly educated“, that would make sense, yet how was that source acquired?

The second quote: ““Given these facts, it is possible that Chinese is the author(s)’ native tongue, though other languages cannot be ruled out,” Flashpoint concluded. “It is also possible that the malware author(s)’ intentionally used a machine translation of their native tongue to mask their identity. It is worth noting that characteristics marking the Chinese note as authentic are subtle. It is thus possible, though unlikely, that they were intentionally included to mislead.” The Flashpoint analysis suggests attackers may have used the Lazarus code as a false flag to deceive investigators, a second scenario sees North Korean APT recruiting freelance Chinese hackers to conduct the campaign” gives us a few elements, the element of misdirection, which I had noted on from other sources and the element that North Korea is still a consideration, yet only if this comes from a freelance hacker, or someone trying to get into the good graces of Pyongyang, both options are not out of the question as the lack of Cyber skills in North Korea is a little too well set from all kinds of sources. The writer Pierluigi Paganini is a Cyber professional. Now even as Symantec’s Eric Chien is from California, did they not have access to this part and did no one else correctly pick up on this? As I stated, I cannot vouch for the original source, but as I had questions before, I have a few additional questions now. So, exactly how needed is European Intelligence for the UK? I think that data should be shared within reason. The question becomes, how is Schengen data not shared between governments? The Guardian gives us “After the Manchester attack, which killed 22 people and left dozens of others grievously injured, it was revealed that suicide bomber Salman Abedi had travelled back to England from Libya via Turkey and Dusseldorf four days before the attack“, so how reliable is Turkish intelligence in the first place? How could he have prepared the bomb and get the ingredients in 4 days? There is an additional view on ISIS support active in the UK, yet as we now see that this drew attention to him, why on earth was the trip made? Also, was Libya or Mecca the starting point (source: claim from the father in earlier Guardian article)? How would sharing have resolved this?

Now look at this in light of the US leaks and the Cyber Intelligence of a dubious nature. There is a growing concern that the larger players NSA, DGSE, GCHQ have flaws of their own to deal with. As they are relying more and more on industry experts, whilst there is a lack of clear communication and reliable intelligence from such sources, the thoughts now become that the foundation of fighting terror is created by having a quality intelligence system that recognises the need for Cyber expertise is becoming an increasing issue for the intelligence branch. Should you wonder than, then reconsider the quote: ‘demonstrated the ROI (return on investment) of the right sort of worm and this will become the focus of research for cybercriminals‘, if you think that cyber jihadists are not considering the chaos that they could create with this, then think again.  They will use any tool to create chaos and to inflict financial and structural damage. They might not have the skills, yet if there is any reliable truth to the fact that the Lazarus group is in fact a mercenary outfit, there would be enough critical danger that they will seek each other out, that is providing that ISIS could bring cash to that table. I have no way of telling how reliable or how certain such a union could be. What is a known is that Sir Hugh Orde is not answering questions, he is creating them, as I personally see it. The quote “UK membership of EU bodies such as Europol and Eurojust, which brokers judicial co-operation in criminal cases, not only allowed access to huge amounts of vital data, but also meant UK police could set up joint inquiries with German police or those from other national forces without delay“. You see, the UK remains part of Europe and Interpol existed before the EC, so as we now see the virtual creation of red tape, the question becomes why the EU has changed rules and regulations to the degree that the UK would fall out of the boat. Is it not weird that the EU is now showing to be an organisation of exclusion? Even if we laugh on the ridiculous promises that Corbyn is making, just to be counted shows that there is a larger problem in place. Why is there suddenly a need for 1,000 more intelligence staff? Can we not see that the current situation is causing more issues then resolve them? As such, is throwing money and staff on a non-viable situation nothing less than creating additional worries?

The last part is seen in “The Schengen database and knowing about who has moved where are all intimately dependent on European systems and we have got to try to remain in them“, yet this does require all players to enter the data accurately, in addition, that only applies to people entering Schengen, yet as has been shown in the past, after that getting locations on people is becoming an increasingly difficult problem. The fact that after the Paris attacks, some people of interest were found to be in Belgium is one side, the fact that these people could have met up with all kinds of contacts on the road is another entirely. The truth is that the intelligence branch has no way of keeping track in such details. In addition we have seen that the list of people of interest is growing way beyond normal means and organising such data streams and finding new ways not just to find the guilty, but to decrease the list by excluding the innocent is growing in complexity on a nearly daily basis. And that is before the cyber mess is added to the cauldron of nutrition. There is at least a small upside, as the technology stream will soon be more and more about non-repudiation, there will be additional sources of information that adds the branches by pruning the list of people of interest. The extent of pruning is not a given and time will tell how this is resolved.

It all affects the evidence that the parties hold and how it is applied, it remains a matter of time and the proper application of intelligence.

 

Leave a comment

Filed under Finance, IT, Law, Media, Military, Politics, Science

Where to focus?

This is an issue on the best of days, we are overwhelmed with information, real news, fake news and of course the Direct marketing waves that hit our internet eyes nearly 24:7. The internet is no longer some child, it is a grown adult and adults tend to lack a certain sense of humour, well the adult eyes of the beholder that is. Yet, what matters to us? When we move beyond the job that feeds you, the partner that … you and the family that gives you (usually) strength. When these things are dealt with, what matters next?

The fearful will look at North Korea, on how they are a threat and when we look at the Washington Post, a very respectable paper we see (at https://www.washingtonpost.com/opinions/the-north-korean-nuclear-threat-is-very-real-time-to-start-treating-it-that-way/2017/05/18/d60cbeec-39a4-11e7-8854-21f359183e8c_story.html) on how the threat is real. Even as we saw two failed launches, and in addition, we have yet to see anything from North Korea to get any missile that far (reaching the US), that an opinion piece states: “Stephen Rademaker, a principal with the Podesta Group, was an assistant secretary of state responsible for arms control and nonproliferation from 2002 to 2006“, so here we see the message, yet the core truth is: “The Podesta Group is a lobbying and public affairs firm based in Washington, D.C.. It was founded in 1988 by brothers John Podesta and Tony Podesta, it can be found at 1001 G Street, NW Suite 1000 W Washington, DC 20001“. Basically it is a marketing firm working a very niche market. Don’t get me wrong. I am not ‘attacking’ them, I would accept a position in such a firm any day of the week. Whether we call them marketeers, government strategy councillors or even diplomatic assistants, they are professionals and I do love working with professionals, especially in an environment I am not fully comprehensive of. You see, when you are out of your waters, most people tend to get to be a little apprehensive. Not me, it invigorates me, whether it is working as a document carrier for Faisal bin Abdullah, or Salman bin Abdulaziz Al Saud, doing work for google (which has been one of the most mentally intoxicating and invigorating environments ever) or merely finding new data solutions, working through data and solving the puzzle I see. So is North Korea a real threat or a perceived one? The safe bet is too see them as a real threat as they have access to Uraninite. You see, the world tends to be a little more complex than that. Having the stuff is not enough, getting the delivery method working correctly is an entirely different matter. It can be by having people from Pyongyang masked as South Koreans attending international universities in science and engineering would be a first, which is not that far a stretch. I literally (by accident) I told this Korean student “Does your family still have that bar in Pyongyang?“, he turned pale and said ‘How did you know that?‘, which was not the response I was going for, but OK, such is life, full of surprises. So as you ponder this, wonder on how China has little or no worry. If North Korea ever actually launches a missile towards America, do you think that the President of the USA would not instantly retaliate (especially the current one), what happens to places like Shenyang (in China), also consider whatever hits the water will make fishing no longer an option for decades, Japan learned that the hard way, so there you have it. In addition, we have seen the North Korea military look at systems like they were magical and those were computers the current European generation laughs at. That can be corroborated by the press as they were on a North Korean press tour a little over a year ago. The ‘minders‘ of those groups had NEVER seen a smart phone. I think that North Korea talks a lot, but for now has no real byte. Now the last part of that the Podesta group is a professional organisation. So was it merely an opinion piece or was the article their business, business they charge for? I will leave you with that thought.

The older American would look at the danger of pensions, which we also see in the Washington Post (athttps://www.washingtonpost.com/news/powerpost/wp/2017/05/18/trumps-budget-calls-for-hits-on-federal-employee-retirement-programs), the article ‘Trump’s budget calls for hits on federal employee retirement programs‘ describes on how it impacts. The article is a really good read and gives me the feeling that US retirement plans are an awful mess, with the additional danger that they seem to be running dry slightly too soon, which is what you get with a 20 trillion-dollar debt I reckon. The quote “A preliminary budget document released in March called for a domestic discretionary budget decrease of $54 billion, with an equal increase for defense, homeland security and veterans. Nineteen 19 small agencies would be eliminated, along with their workforces“, the additional “Increasing the FERS employee contribution would result in the average federal employee losing nearly $5,000 per year in take home pay, that’s per year after the phase-in is finished, he estimated. “Phasing this outrageous pension cut in over several years does not make it any more palatable. If this change is made, federal employees will no longer have a secure retirement. Period.”” is even more food for thought. The one equaliser in American business has for the longest time been that those people had a secure retirement, when this is off the table the one part of quiet governmental officials was that there was a long term benefit, with that off the table the environment in government positions will change. Now, we might think that this is not a bad thing, but it will result in chaos, and when we have seen and known that the American infrastructure has no real way to deal with chaos in its ranks, we will see different whirly waves of discontent, a few will leave marks on everyone. So when we read “The budget proposal President Trump plans to unveil Tuesday would give to federal employees with one hand, while taking away with five others” is an interesting one and I reckon that when the full paper is released this coming Tuesday, the US national papers will give it high visibility, because the United States federal civil service has a total of around 3 million people, which is 1% of the US population, making it decently important to cater to them. Perhaps those trying to sell the change might have been better off talking to the Podesta group first?

For me, the news was not in a newspaper. It was found in Digital health article. It re-iterated the issue of ‘urgent change‘ I voiced in my blog yesterday. In there I showed the NHS digital part regarding the endgadget quote “NHS digital had notified staff on patches” which would have diminished the Cyber attack gives us two sides. One, would there have been diminished damage, because that would suffice as evidence. Yet in Digital health we see: “a small team of developers is recommending the health service reduce its reliance on Microsoft“, which is overall not a bad idea, yet the NHS is too big to just make a shift in policy like that. I would be in favour of a shift towards something a lot safer like Linux, but that requires expertise. Another option is to rely on an android option where the NHS is all about apps, equally optional, but it will require massive amounts of resources on programmers, testers, upgraders and cyber monitoring. All these options require a drastic shift in IT operations. When we accept that in too many places there is no minding the NHS IT store (by not patching) the dangers will increase. As I quoted: “It is also my personal belief that in many cases the person claiming ‘urgent action is needed’ is also the person who wants the ‘victim’ to jump the shark so that they can coin in as large a way as possible“, which is what we see right here in the article. Now consider the quote: “To demonstrate that there is a licence-free alternative, GP Marcus Baw and technologist Rob Dyke have adapted the open source Linux-based Ubuntu operating system specifically for the NHS. They call it NHSbuntu“. So why not just use the foundation called Ubuntu? I cannot judge the intent (noble or not), but consider that technologist Rob Dyke has to pay for rent and so much, where is his interest? Do not get me wrong, we should not just dismiss any idea that might work, yet will it? You see any IT environment needs oversight and maintenance. The NHS is in no position to make such drastic changes as it is short on basic needs (nurses and doctors), I do agree that the IT needs to be addressed, yet two Labour governments wasted the IT budget of close to 10 years, lets leave it alone until we can actually address solutions. In this, one additional quote from Beta News. they give us “The report reveals that 12.8 percent of non-Microsoft programs were un-patched in the first quarter of this year“. If patching is so important, and it is, why give voice to 12.8% of additional risk? As stated, I am no Microsoft fan, but it does work in the current NHS environment and if we believe NHS Digital and the trusts do actually patch their stuff, the danger would have been a lot lower. As the evidence is at present, this issue would have been addressed by mere policy and replacing those not adhering to it might be the cheapest and best solution. In all this IT News gives us one more part, the fact that Microsoft is actually releasing a patch for operating systems that are no longer supported is also evidence. I do not see it as merely “to protect the company’s customer ecosystem“, which is a decent answer if you believe that. You see they could have merely told the customers to freely upgrade to Windows 10. I believe that, as they state it “to protect users against NSA-derived ransomware“. I believe that someone has evidence on a Microsoft-NSA cooperation in the beginning of the data snooping age and somehow the makers of the Ransomware (less and less likely to be North Korean) got access to the information needed. I reckon that anyone upgrading will be removing the digital evidence on their computers of that event. If you doubt me, consider the quote in that same article “Current versions of WannaCrypt use two exploits leaked by the ShadowBrokers hackers, who gained access to systems at The Equation Group, which is linked to the United States NSA, last year“, if that is true, how did North Korea get this? If they are good enough to be allegedly part of the NSA (source: Kaspersky), how come that the bulk of the cyber intelligence world has no knowledge of North Korea being such a threat against a player like that? It does not matter how it got out. Whether it was a disgruntled ex-employee. Some hacker that got sucked and suckered by a honey trap, there are enough options nowadays. The reality is that somehow the intel got out. It is being addressed and fixed. It does not make the issue go away, it merely tells us that remaining up to date and properly patched was the way to go. Urgently addressing does apply to systems being reasonable up to date, which does mean that there are costs, pushing yourself away from Microsoft (not the worst idea) comes with a cost, one that the NHS cannot afford, no matter how ambitious it seems and they got plenty of that, especially with non working systems. So, lets not make that error twice!

So when you wonder where you need to focus, I am merely suggesting that when your private house is in order, consider playing a video game or watch a nice blu-ray. It seems to me that a balanced life is the most important thing you can arrange for yourself, let the circus play its game and decide not to watch every show they offer, in the end it could just be merely Direct Marketing.

Get what you actually need, not what others state you need!

 

Leave a comment

Filed under Finance, IT, Media, Military, Politics, Science

Finger in a dike

We have all heard the story of the boy who stopped a flood by putting his finger in a dike; Robin Williams made a reference to it and women in comfortable shoes in the past (whatever that means). The story is known, the act sounds just too ridiculous, because any flood that can be stopped with a finger is one that will not amount to much flooding. Yet the story behind it is very different. You see, the story is about the dangerous Muskrats, who dig themselves boroughs in dikes. These boroughs have canals that can go for hundreds of feet and as the Muskrat population grows, the dikes and dams they are in could be damaged beyond normal repair and that is when the dangers start, because dikes are important in the Netherlands. A large part of it is vastly below sea level, meaning that such a loss could have impacted safe living in that place. Muskrats are also fierce fighters and feeders, meaning that as their population grows, the other animals become extinct. Even as that rat has a usual lifespan for a year, in that year it can reap damage that only people can match. So as we consider the damage a year brings, we need to now consider todays story in the Guardian (at https://www.theguardian.com/politics/2017/may/14/freedom-of-information-act-document-leaks-could-become-criminal), where we see: “criminalise passing on information discoverable under FOI requests“, so basically any news given, even when it can be obtained by an FOI request can become an issue that follows prosecution and even conviction? How is anyone allowed to pass this as law allowed in office, especially as he lives by the motto that was a Herman Brood hit (read: I’ll never be clever). There is a weighting here. I for one have spoken out against the non-accountability of the press. The one time they got scared (read: The Leveson enquiry), they started to scream foul and promise bettering themselves. A promise some of the press broke even before the ink of that promised dried. Yet there is in equal measure a need to keep the people correctly and decently informed. There is a need to get cybersecurity on a decent level and there is a need to hunt down hackers. In this places like Sony are feeling the brunt of hackers and until the authorities are willing to execute the parents (or children) of these hackers, depending of the age of the hacker in front of their eyes, they will not ever see the light and these issues will happen. In this, the entire whistle-blower thing is another hot potato and some politicians seem to think that the one will stop the other, which is even more delusional than my idea of executions to make a point. There is another side to all this that is linked. You see, in the military there is a strict need of secrecy. In that this Bradley Manning person is just a traitor who did not realise just how stupid he really was. The fact that he did not spend life in prison until death is another failing which has been covered by too many for too long and too often. Julian Assange is another matter. Basically he was a mere facilitator, we might seem to consider him a traitor but in the end he did not break any laws and the US knows this, they just have another need to address the ego of certain people. I see Snowden as a traitor, plain and simple. As we were misrepresented with a movie, a book and all kinds of stories, there is still the issue that things did not add up. The never did and never will. In this light a whistle-blower seems to be a very different needed person (I will get to that later).

The three names mentioned all have their own role to play in all this. In case of Manning, it is treason plain and simple, whomever got him off lightly did a stellar Law job, but in the end, he committed treason under war time conditions. Bloomberg (at https://www.bloomberg.com/view/articles/2013-08-02/bradley-manning-s-crime-is-smaller-than-treason) gives us the view of John Yoo, a legal expert, whose view I share: “His actions knowingly placed the lives of American soldiers, agents, and allies at grave risk. In the world of instant, world-wide communications and non-state terrorist groups, Manning committed the crime of aiding the enemy, and he is lucky to escape the death penalty“. As an operator, Manning had access to do his job and he abused the access he had endangering the lives of his ‘fellow’ soldiers. In this the less diplomatic view would be that he was more entitled to death by hanging than some of those executed at Nuremberg. So as we realise that Manning soon could have more rights than an optional member of the press is just a little too insane in my book. In all this, as we see that part in a little biased light, we need to realise that the press has a need to expose certain elements. Yet they too are biased and they are biased towards advertisers and stakeholders, which is why certain military documents are placed in a juicy sexy light, yet the issues of Microsoft, Sony and a few others that clearly food for thought for a generation of consumers seems to be misplaced. So how should we see the less responsible acts of the press in that light?

The second part is Snowden, again, as I see it a traitor, here the issue is severe on all sides, the Intelligence community failed miserably on several sides as one person has seemingly access to systems that should have been monitoring access on a few sides. I saw within two hours at least 3 issues for consideration of prosecution of certain heads of intelligence for mere gross negligence. The issues found with NSA contractor Harold Thomas Martin III just adds to the issues in Alphabet soup land. In this there would have been the need of a very different whistle blower, one that could have walked into the US supreme court stating that his nation is in serious danger giving evidence free from prosecution where an ‘uncle’ of the NSA walks into the office of Admiral Rogers (current director, not the director at that time) asking what the f**k he thinks he is doing on the farm. In a system that is about subterfuge and misdirection, those making errors are often chastised in unbalanced ways. As they are about deadlines and being flawless (which is a delusion all by itself) finding ways to clear issues, solve issues and give support in a place that is relying just a little too much on contractors is an essential need. In this the US is the most visible, but we can agree that the UK has its own demons, the most visible ones were in the 70’s, yet the cloud is now a dangerous place and in addition, I foresee that the near future will bring us more, because if a place like Sony cannot keep a lid on its data, do you actually believe that the cloud is secure? It is not, because some people were pushing too fast for a technology that has issues on several levels. As the cloud grows the customer is no longest charged per Gigabyte, but per Terabyte, so as the cost seems to be 0.1% of what was, they are all seeing the financial benefit and they are clearly ignoring the need to comprehends data sizes and what to put where. As the sales teams are giving nice presentations on security and no loss of data, they seem to be a little more silent on amount of data replicated somewhere else. Which in case of Intelligence is a bit of an issue under the best conditions. By the way that switch from GB to TB happened in the last 5 years alone, so this market is accelerated but in ways that seems to be a little too uncomfortable and I love tech and I embrace it whenever possible, so others should be a lot more mindful and worried than I am at present.

Last we get to Julian Assange, he is either loved or hated. I tried to remain in the balance of it as he basically broke no laws, but to shed the dirty laundry in the way he did was a little stupid. We read all the things on how certain stuff was removed and so on, but there is an issue. In all this we heard all the military stuff, yet when the mention and threats of bank presentations came, he went quiet and dark less than 48 hours later, so it seems that some issues are just not given to the people, especially certain facts that should have been brought out. Here we see another side of the whistle-blower. I get that certain events should not be allowed out, yet when I read: “We would expand the Freedom of Information act to stop ministers and departments from being able to block the publication of information they see as politically inconvenient“, which we get from Tom Brake, Liberal Democrat Foreign Affairs spokesperson. We see another part of the conversation, one that needs scrutiny on a few levels. The entire issue that a conviction is possible for releasing information that is readily available under the FOI is dodgy to say the least. There is a side in my that there should be a certain level of control on whistle-blowers, yet in that same light as we see too often that corporate whistle-blowers are refused the light of day by the press calls for questions marks on the earliest given Mondays of any week.

If the dike is to stop the people from drowning we need to make sure that the muskrat is stopped for various reasons, yet when that dike is also the road that facilitates for the shipment of toxic waste, we need to wonder what the basic need of that specific dike is. And that is before we see that the road facilitates for ‘Big Pharma’ to ship its medication, whilst the 1000’s of tonnes of pharmaceutical waste is left ignored, which is ignored by the media when Dr Who (read: World Health Organisation) is telling people that there is now a direct danger to newborns, with in India alone an estimated 56,000 deaths of newborns dying from resistant infections. So as we see very little of that in the news, what are those opposing the whistleblowing actions crying about? They themselves have become filters on what the people are allowed to learn about. Doesn’t that sound slightly too sanctimonious to you?

The issue that goes on is that these events are less and less an issue of rarity. The Times (at https://www.thetimes.co.uk/edition/news/600-tonnes-of-waste-dumped-under-road-dmttlzrkh), gives us, when you are subscripted, a view that “Up to 600 tonnes of household rubbish have been dumped under the A40 in Buckinghamshire, in one of Britain’s worst incidents of fly-tipping”, this is not some issue that is done with a simple truck, this took time and staff. This was deliberate and orchestrated. In this the whistle-blower would have been essential in dealing with such a crime, as it stands now, it made someone an easy £90,000 and the damage could end up being considerable larger and more expensive. It is anyone’s guess if the CPS will ever secure an arrest and conviction. So as we see the toxicity of the changes the UK and others could face. When we consider the final part “Thomas Hughes, the executive director of Article 19, said: “The Law Commission’s proposals would move the clock backwards, undoing improvements in the UK’s 1989 Official Secrets Acts, and setting a dangerous example of eroding freedom of expression protections, which may be copied by oppressive regimes globally”, we must ask what the devils own sugar did the Law Commission have in mind when these changes were proposed. By the way, the moment it gets adopted, there is every chance that any person with direct links to Wall Street will see other sides. This is what we get from the NY Post, “The Financial CHOICE Act 2.0, which passed the House Financial Services Committee last week, has provisions to keep corporate whistle-blowers involved in any wrongdoing from collecting awards. The act would also require the whistle-blower to try to stop violations from happening within their company — a stipulation that advocates fear would force employees to choose between being fired or not reporting anything at all”, we see this at http://nypost.com/2017/05/14/whistleblower-bill-sparks-fear-among-advocates/, so you tell me who this is all supposed to benefit. As I see it, we see a shift where those who have not are stronger and stronger segregated from those who have and those who continuously want to have. A mere adaption from the battle strategy segregation, isolation and assassination? Assassination needs not resolve in death, today we see how economic and financial death could at times be much worse than anything permanently offered, although the mothers in India might disagree on that. The question becomes where does the press truly stand, with informing the people or with the advertisers they rely on nowadays?

 

Leave a comment

Filed under Finance, IT, Law, Media, Military, Politics

The light of exposure

In France everything is going topsy turvy, we see people who claim to have no gains in any of it make certain that anybody is elected, except for Marine Le Pen, even the current President of France is on that boat, which is interesting as he is at present regarded as the biggest political failure since WW2. I myself would like to remain neutral, which is almost not possible as out of nowhere a former investment banker is suddenly the favourite runner with no real main political experience. The political marketing department might like the fact that he will be the youngest French President, which makes almost as much sense as it would be for me to take over the clandestine department of the CIA, with all those Korean challenges? I’m game!

Yet as I see it, Emmanuel Macron made a large blunder on LinkedIn as he wanted France to head all kinds of environmental and climate research, which sounds nice as the population at large is all about climate, but he seems to forget that France has a 2.25 trillion Euro debt to deal with and the current French President is leaving France in a dire, weakened and unhealthy state. Something that can not now, and not ever be cured by throwing money in anything but a growing economy move. Even I could have done better than that. Both players for the hefty seat will need to consider that a true quality investigation in the French healthcare system will be next on the list. It is at present regarded as one of the best, yet by 2019 their numbers will drastically change as France has one contributing element. As the retirement age has shifted by 2 years, there will be a spike in both physical and mental health care that will at that moment spike to different levels. France has the benefit of seeing how wrong inaction has left the British NHS close to death, and this is whilst the retirement age was at present not affected, so in France a think-tank will need to convene on a structured overhaul that does not leave a non working system in hands of consultants for 11 billion and at that point be a non-working system. The British Labour party left them with this example. If met with the proper adjustment, Huawei Technologies and Google could have optional solutions in theory before the end of 2018 and implemented 2 years later. The question becomes who will be the player and how will it be implemented. Questions that require serious consideration and in my view the youthful investment banker might not have the solution, in equal measure I am not certain whether Marine Le Pen will fit that bill either. Yet what has been shown is that the current president has made little effort towards that growing dilemma.

So why is Macron the bad choice? I am not sure he is, but the issues we have seen with investment bankers do not make me confident. Even as we should agree that he married the love of his life even though she is a few decades older, which implies that he does not care about the opinion of others gives the vibes that he is made of stern stuff, something the French people desperately need after one tour of Francois ‘the paperback’ Hollande (as I personally see it). Yet, what wrong has Emmanuel Macron done? That is the issue, for the mere reason that there is nothing that shows he had done anything but bend the law without breaking it in the Nestle acquisition deal. So basically, this proclaimed Mozart of Finance is getting soiled in soot for the mere title of being a former investment banker. That is as far as I can take it with reliable information. The Rothschild bank empire keeps it laundry hidden and dry, neither the NSA or the CIA has anything on them (FBI has nothing either). Whatever others can find is either hear say of overextended triviality. Again, as I personally see it the entire board of commissioners of PwC will be in jail long before Rothschild bankers get into the dock in court. I am happy, but unlikely to be wrong here.

Yet these elements are not the only ones in play. During the next French administration banks are moving their interests and their work environment all over the globe, France will see its share of new challenges. As the UK is dealing with Brexit and their set of new challenges, France will also deal with other issues. Even as both are not looking towards the frontiers of what will be possible with 5G, we will see new views on security and cyber issues, not just in the WiMAX and 5G environment, there will be additional dangers and risks with the new IBM hype word! As blockchain is heralded as a new solution, there are inherent risks with a system that has these abilities. Not just in managing the data, the attached data goes much further, there is the risk that any system has more than a mere ‘massive disintermediation of the financial system’. There is the risk that a hiatus in ‘non-repudiation’ could leave a dangerous leap in the ‘who done it’ realm where nobody can be held to account. The fact that blockchain has no form of regulations whatsoever will give French banking laws additional headaches down the line. This is not just assumption (well, it is a little), the Washington Post was all about ‘Russian hackers‘ in French elections. That does not prove that it is not so, there is merely a lack of concrete data evidence and the quote “the front-runner in France’s presidential race carried digital “fingerprints” similar to the suspected Russian hacking of the Democratic National Committee and others in the 2016 U.S. election” give food for thought. As present the cyber units cannot even get on par with the criminals, as blockchain evolves in all kinds of ‘personal’ dialects in every nation, we will witness a new level of data adjustment. This does not mean that blackchains are evil or that they are instigate criminal activities, the timing that blockchains bring just as the data traffic from 5G could sent a 500% data traffic spike from 2020 onwards through the global online cloud community leaves us with a boatload of issues and in that, France will have its share of issues to deal with, so as there might be opportunity, there is a more than equal risk of harmful dangers. Europe at large is not ready and in a lack of checks and balances, the dangers of another 2004 and 2008 investment collapse is not out of the question, especially as the laws are still not ready to deal with the recurring danger of a 2008 finance event. In this France is in too weak a condition (as is the UK by the way). So consider that if we relate this to the Bitcoin, its volatility is in its foundation the same volatility that blockchain could face, with a truckload of return on investment risks. In this we might consider that Macron is the better candidate, but I am not convinced, in this both are not great options, yet still better than the others. It almost a Churchill moment “Democracy is the worst form of government, except for all those other forms that have been tried“, we could replace the word Democracy with either ‘Blockchain’ ‘Emmanuel Macron’ and ‘Marine Le Pen’. Although in the first example, we would need to exchange ‘government’ with ‘data system’ as well. In this day and age governments can no longer keep up and until the spirit of the law gets clearly enforced the population of any nation is in trouble. In this danger is too harsh a word but there is a risk and the press at large has proven to be little or no help (apart from some actual newspapers, who are some help).

As France goes to vote there is little that I can offer to the voters, only that they need to know who and what they are voting for. They need to realise that their immediate choice is for themselves and their family. For some it is one candidate for others there is the other candidate. With France having an explosive growth in poverty, the social element seems the most pressing one, but its solution is in other elements not in solving poverty but in growing a dire economy, a dire situation grown by what I regard to be outsourcing and the bottom Euro of getting things done cheaply. It is that proper reform that herald change and options, which puts the initial premise in the hands of Marine Le Pen, yet no matter how her national pride is set, if she cannot build solutions she would be a one term president too. For Macron it seems simple in the way he talks and he talks like a salesperson, but in this he needs an engine to deliver on his promises, this is something he cannot walk away from, whether he realises it to the degree is not certain, his LinkedIn message made that clear.

So no matter where the exposure ends, there are dangers that all nations of Europe will face, the sudden ‘relaxed’ shift from Mario Draghi is making that clear (Source: Financial Times). I think that this temporary ease of situation is merely to ‘atone’ for French voters, I think that the message is a dangerous one. Several sources are talking on the dangers of joint bonds an in addition the fat that Reuters views that Mario Draghi could lose credibility is not a fab, it is a realistic danger which people seem to be dimming to low until after the French elections. This as I see it implies that there is heavy weather ahead. This is strictly my personal view, yet in that regard I have been correct a few times too many. See my other blog articles to compare on that regard. In this there is partial data, there is the claim that the IMF has dropped the pledge to resist all forms of protectionism. For me the issue whether they dropped it, or merely did not make mention of it. The result is very different and in this it is not just about clarity, it is about changing channels of commerce. It is more than a mere view of ‘good business is where you find it’ versus ‘we all should be allowed to do business’, which is the more direct issue that will impact France too. Even as I have an issue with the President Trump’s tax breaks, there is one sight that is adamant. The economies are now no longer in the hands of the fat cats of Wal-Mart and corporations alike, it is in the hands of small businesses and families in stores. They will reduce tensions on infrastructure pressures and make combined ripples in a starting wave of commerce. France is one of the more likely places to get that going, much more so that the UK at present. In this France’s biggest enemy is the French language.

When it overcomes that barrier, it could start a wave of trendsetting businesses from local to global, how it is done remains open to the people deciding walking that path, it will be a personal choice for all who endeavour that step, but they can get there, they just need the proper exposure and support.

 

Leave a comment

Filed under Finance, IT, Media, Politics

The danger of Colbert and the Press

When we see an interview with General Michael Hayden and Stephen Colbert, it is hard to imagine, but it is actually Stephen Colbert who is endangering the lives of many. Did you realise that? First, the interview (at https://www.youtube.com/watch?v=buI8aO7nRDM) should be watched. It is a brilliant interview. Getting a former CIA and NSA director in view is always a little awesome and the man plays the audience brilliantly. Now, I say ‘play’ and I mean that in the best positive way. He is funny direct and answers the questions clearly. It is Hayden that gets the applause and it was an applause that was well deserved. He debunks conspiracy theorists and cuckoo cases all over America. Then something happens, suddenly Colbert does something dangerous and stupid. At 4:55 he plays the game regarding Smart TV’s spying on you, he plays us all as he is linking this to the CIA. What happened was that on February 6th the FTC fined Vizio $2.2 million for collecting viewing histories without users consent (at https://www.ftc.gov/news-events/press-releases/2017/02/vizio-pay-22-million-ftc-state-new-jersey-settle-charges-it), pretty much the same thing that Microsoft seems to be doing to its Xbox population at present and uploading their data into the Azure cloud (without consent).

This might seem like a nuisance, but it is a lot more than that. Large corporations have run out of spreadable funds and like any other corporations, they now need to optimise. It is almost the same situation that SPSS was selling when it offered companies a product called AnswerTree (back in 1997). Marketing firms had to get a certain quota, let’s say 4%, now to get there you could either throw more money on it, and going from 2% to 4% did not just mean a little over 100% more to get the growth. No, with their product AnswerTree, you could make an inventory of who you mailed and who responded and started to prune the tree of those who responded a lot below quota, so basically, the mailings became more efficient, a more clever path to the people buying and it is all perfectly legal and acceptable. That is what is happening now in new ways and Vizio got caught because it happened in an automated way without any level of consent. So who did not get caught? Because I can tell you right now that the bulk of the people with a smart TV have not considered where this data is being logged.

Now, I am going to ask you a question: ‘If marketing is harassment, is the marketing contact that you purchase from still a harasser?

If we have all the do not call registers, how long until these marketeers use other methods? Free games, free apps and free TV shows, all connected, you just have to agree to advertisements connected to them. It is a mere reward for exposure which is all perfectly valid. In all this the CIA was not a factor or a danger. It is the large corporations that are classifying you, more important, it is the links that they can resell that are a danger to your way of life, which is why at times smart TV’s are sold with 60% discount (speculation from my side).

In 2015 I would never have expected to be able to afford a 55 inch smart TV, it is huge (and I was happy with my 42 inch one) but it broke, I had a decent job, but the surprise that a brand new 100 Hz Sony 55 inch was priced down from $1900 to $800 (very lucky me), which was just ridiculous as the next TV (almost the same as my broken one) was a 40 inch at $699, which was perfectly decently priced for those days. Now, we can hang onto the idea that it was just a crazy sales, which does happen, but to flood the market with something almost twice the size, with much higher specifications at next to the same price as a small B-brand TV is too weird. It is almost like having a Canon 5D at the normal $2500 and offering next to it a Hasselblad X1D-50c at $3000, which would be awesome as these babies go for $13,000. It would be 20Mp versus 50Mp. As a photographer I can tell you that I would kill for a Hasselblad 50 Megapixel camera (and as I know the Evidence Act 1995, I might get away with it).

So, I hope you understand the weirdness of such good deals. And in all this, Sony has the ability to capture this data (I am not accusing them of doing this, I have no evidence of any kind that this is happening), but the threat to our privacy is real. Now you might not think that this is important. Yet consider that this data could be sold, how many hours are you not sporting, how many hours do you watch TV and what do you watch? How long until you suddenly get a 12% spike in health insurance? There is where the difference is! You see, these players are very very interested in that data, minimise their risk and charge extra to anyone that is a risk. In my case it does not matter, my smart TV is connected to my console and my Blu-ray player, so there is no ‘smart’ data to capture. What is important for these sales people that the 0.5% of the group that I represent is not the issue, their value is the 80%+ that does connect their TV for Netflix and other reasons, that is where their value is and it is potentially bringing in millions, so the 60% discount is a joke to them. That is the part Colbert smoothly walked over whilst he joked about the CIA and the press at large stayed away from that FTC ruling, so there is one of the dangers.

The other danger is organised crime. How long until people realise that being away from home means no TV? That means that the smart TV logs are not showing movement. How long until the criminals can connect smart TV usage and social media action into, which house is empty? Oh and as you advertise on Facebook that you are on Cuba, how long until you realise that you gave away the info that your house is unprotected? More important the quote “Oversharing on social media could not only leave you open to burglary but it could also invalidate your home insurance policy” is not a joke, this quote was given 2 years ago. Justice Gibson of the District Court of New South Wales raised the issue as early as 2014, the courts are not ready for this and for the most, they are only dealing with the fallout that Contract Law is giving them, more precisely the contracts that Insurance agencies have been working on. With currently well over 80% of Australians on social media (which is actually low compared to Scandinavian nations), the consideration of implementing certain risks is an essential need for any insurance agent. Yet, at what point can usage of social media be seen as evidence towards negligence? Mobile phones tells us where we are, smartphones tell everyone what we do (through our usage), and Smart TV’s give us what we watch, out interests and our activities, or lack thereof. At what point is any of this evidence to act, to surcharge to act as a penalty or as an option to nullify the security of insurance?

That is the part not considered and it gets even worse!

This is seen in the news that is hitting us now through what is marketed as Vault 7. CNN Money (at http://money.cnn.com/2017/03/09/technology/cia-smart-tv-wikileaks-public-hacks/) gives us the news on how the CIA is spying, although they do also mention “security researchers say the methods imitate exploits that were discovered — and made public years ago“, So when I see “Samsung warned users about exactly this type of susceptibility in 2015. The company told CNNTech this week that it is ‘urgently looking into the matter.’“, my question becomes: ‘How much data did you collect?‘, so as the warning is 2 years old, apart from making batteries explode, did you do anything to stop this threat? And as we see Dan Trentler, CEO of the Phobos Group security firm state: ‘That appears to be the same exploit he witnessed in action onstage at a security conference in 2013, he said‘, can we give accusation that there is nothing innocent going on and the level of negligence shown in one article spanning 3 years of events, that is enough to warrant a much larger investigation into privacy invasion by large corporations?

 

It is not about just consent, they are mining our choices and leaving us with less. You might not consider this or comprehend this, but it is an optimised way of American business. I have to explain this.

I was confronted with a larger group of board members of a large firm. As an ‘upper’ grunt I had two distinct jobs. One give the best service to my clients and protect them as much as possible from any negative event, which is what any good Technical consultant does. And I had to be faithful and supportive to my bosses, which is what a loyal employee does. Now consider the meeting where we get the premise: ‘What if you cannot service your client 100%, but only 80%, would that be acceptable?

Now, the danger here is that my answer would be a solid ‘No!’ A danger from the corporation side when we consider the introduction of service level agreements, the introduction that the client was unwilling to pay for the service given. How do you take a stand (driven by wisdom) at that point?

This is where you the consumer are at, but it comes from another direction. Places like Samsung, Sony, Microsoft, HP, IBM and Apple are all in the optimisation phase, because the economy is still not great and most of us would only be able to afford one of these devices, perhaps a second one for Christmas if we are lucky. So as we can get 2 out of 5, so how do corporations go about getting the largest share you can? Now we get to the AnswerTree part, you become smarter in how you get to your audience to choose you, not merely marketing but marketing to the most likely buying population. The question then becomes what options you have at your disposal. Do you sacrifice one device so you get an option to see 2 more options for alternative sale and get the contribution needed? The reasons is that in this day and age, it is not about revenue, when you are a listed company, when you have stakeholders, it will be about contribution (revenue minus costs), if you fail that, no great bonus, no mistress, no fast car and in the end no job.

So here we see the rundown on how Stephen Colbert became a danger to you, he made it into a CIA joke, whilst the bitter and solemn truth is that the real danger is the invitation you readily give out to all manner of freebie givers, only to learn the hard way that they get back what they gave out in tenfold, just by collecting your inactions and sell it to whomever can transform that into personal profit. So whilst some people are falling asleep reading (at http://searchhealthit.techtarget.com/essentialguide/Providers-adjusting-to-greater-use-of-social-media-in-healthcare) how social media is interacting in health care, consider what an insurer would give to know that you visited a free clinic for the third time this quarter. It might not cost them anything, but it will set a flag to raise premiums the next year. Did you consider that? And as we shrug at seeing “Social media analysis done with natural language processing has given care facilities a more efficient way to get patient feedback“, many will ignore, just like the previous example on raising premiums. Even as you consider a visit for planned parenthood to be perfectly natural and normal (which it is), but when the insurer realises that you will be needing to visit an OBGYN in the near future, you better realise that you are lucky if your premium rises with only 5%. That is the way business is done and the initial ‘risk’ numbers to which you were held at premium are 10 years old and you fall in a much higher group. Only the super healthy teenager who does not get sick gets the low increase, that whilst he was actually a 0% risk. How fair is that and why is the media not all over that on a daily basis?

The CIA was never worthy to be mentioned in this regard, for 99% of the Americans they are nothing as these 99% of Americans were harmless so the CIA never cared to begin with and that is the group Colbert was aiming for which is odd in one way and on the other hand, we do get that he is a comedian who is trying to entertain 100% of his clients, those who tune in on his version of humour. He cannot be faulted for that, the press at large however can be faulted and they should but they stay away from it for other reasons. Mainly because they want a slice of the Samsung $700 million advertisement budget (that is for the USA alone), Microsoft and Sony are in similar predicaments, which is why certain events will not make the front cover any day soon. The reason of data collection being the most obvious one, but at times it can be trivialised as they are only gamers, or it is only a console and consent is overrated. I’ll let you be the judge of what matters and what not, just remember, when you are no longer within the 80% of the group they cater for and you already bought the device, where will your rights be, or your service provider? Perhaps you get the same answer Microsoft gave me: ‘we have no control over uploads, that is all with your internet provider!‘ Interesting how my consent was manoeuvred around in all of this.

 

Leave a comment

Filed under Finance, IT, Law, Media, Politics, Science

What did I say?

Last night I got a news push from the Washington Post. It took me more than a second to let the news sink in. You see, I have been advocating Common Cyber Sense for a while and apart from the odd General being ignorant beyond belief, I expected for the most that certain players in the SIGINT game would have their ducks in a row. Yet, the opposite seems to be true when we see ‘NSA contractor charged with stealing top secret data‘ (at https://www.washingtonpost.com/world/national-security/government-contractor-arrested-for-stealing-top-secret-data/2016/10/05/99eeb62a-8b19-11e6-875e-2c1bfe943b66_story.html), the evidence becomes blatantly obvious that matters in the SIGINT industry are nowhere near as acceptable as we think they are. The quote “Harold Thomas Martin III, 51, who did technology work for Booz Allen Hamilton, was charged with theft of government property and unauthorized removal and retention of classified materials, authorities said. According to two U.S. officials familiar with the case, he is suspected of “hoarding” classified materials going back as far as a decade in his house and car, and the recent leak of the hacking tools tipped investigators to what he was doing“, so between the lines we read that it took a mistake after a decade for the investigators to find out? No wonder the NSA is now afraid of the PLA Cyber Division!

In this light, not only do I get to tell you ‘I told you so‘, I need to show you a quote from July 1st 2013, where I wrote “So if we consider the digital version, and consider that most intelligence organisations use Security Enhanced Unix servers, then just accessing these documents without others knowing this is pretty much a ‘no no’. EVEN if he had access, there would be a log, and as such there is also a mention if that document was copied in any way. It is not impossible to get a hold of this, but with each document, his chance of getting caught grows quicker and quicker“, so I questioned elements of the Edward Snowden case, because my knowledge of Security Enhanced Unix servers, which is actually an NSA ‘invention’, now it seems to become more and more obvious that the NSA has no flipping clue what is going on their servers. They seem to be unaware of what gets moved and more important, if the NSA has any cloud coverage, there is with this new case enough doubt to voice the concern that the NSA has no quality control on its systems or who gets to see data, and with the involvement of a second Booz Allen Hamilton employee, the issue becomes, have they opened up the NSA systems for their opponents (the PLA Cyber division being the most likely candidate) to currently be in possession of a copy of all their data?

If you think I am exaggerating, then realise that two people syphoned off terabytes of data for the term of a decade, and even after Snowden became visible, Harold Thomas Martin III was able to continue this for an additional 3 years, giving ample worry that the NSA needs to be thoroughly sanitised. More important, the unique position the NSA had should now be considered a clear and present danger to the security of the United States. I think it is sad and not irony that the NSA became its own worst enemy.

This is seen not in just the fact that Harold Thomas Martin III moved top secret data home, whilst he was at work a mere FSB or PLA intern could just jimmy the front door and copy all the USB devices. So basically he was potentially giving away data on Extremely Low Frequency (ELF) systems, which would be nice for the PLA Cyber Unit(s), as they did not have the capacity to create this themselves. So whilst they were accused for allegedly trying to get a hold of data on the laptop of Commerce Secretary Carlos Gutierrez (2008), they possibly laughed as they were just climbing into a window and taking all day to copy all the sweet classified data in the land (presumption, not a given fact). So he in equal measure pissed off the US, India and Russia. What a lovely day that must have been. In that regard, the Affidavit of Special Agent Jeremy Bucalo almost reads like a ‘love story’. With statements like “knowingly converted to his own use, or the use of another, property of the United States valued in excess of $1,000“. Can we all agree that although essential and correct, the affidavit reads like a joke? I mean that with no disrespect to the FBI, or the Special agent. I meant that in regard to the required personal viewed text: “Harold Thomas Martin III, has knowingly and intentionally endangered the safety and security of the United States, by placing top secret information and its multi-billion dollar value in unmonitored locations“, I do feel that there is a truth in the quote “The FBI’s Behavioural Analysis Unit is working on a psychological assessment, officials said. “This definitely is different” from other leak cases, one U.S. official said. “That’s why it’s taking us awhile to figure it out.”“. It is my personal view that I agree with this, I agree because I think I speculatively figured out the puzzle. He was a reservist, Reserve Navy and a Lieutenant at 51. So the Navy might not see him as ‘full’ or ‘equal’, this might have been his way, to read these documents at night, knowing that they will never have this level of clearance for such an amount of Top Secret information. With every additional document he would feel more in par with Naval Captains and Admirals, he would feel above all the others and if there was ever a conversation with people who did know, he had the option to leave the slightest hint that he was on that level, perhaps stating that he was also an NSA contractor. He star would suddenly be high with Commanders and higher. It is a personal speculation into the mind of Harold Thomas Martin III.

When we look at 18 U.S. Code Chapter 115 – TREASON, SEDITION, AND SUBVERSIVE ACTIVITIES. We see at paragraph 2381 “Whoever, owing allegiance to the United States, levies war against them or adheres to their enemies, giving them aid and comfort within the United States or elsewhere, is guilty of treason and shall suffer death, or shall be imprisoned not less than five years and fined under this title but not less than $10,000; and shall be incapable of holding any office under the United States“, now if we see the following elements ‘giving them aid and comfort within the United States‘ and the other elements are clearly stated as ‘or’ a case of treason could be made. In my view a person like that was guilty of treason the moment Top Secret materials were removed or copied from there assigned location and without proper clearance moved to an unsecure location. As an IT person Harold Thomas Martin III should have known better, there is no case of presumption of innocence. The fact that I made a case that he might have a mental issues does not mitigate it in any way, to do this in excess of a decade and even more insidious to do this for years after Edward Snowden got found out is also matter of concern.

The NSA has a sizeable problem, not just because of these two individuals, but because their servers should have has a massive upgrade years ago, in addition, the fact that contractors got away with all this is in equal measure even more insulting to a failing NSA. I can only hope that GCHQ has its ducks properly in a row, because they have had 3 years to overhaul their system (so tempted to put an exclamation mark here). You see, we have all known that for pretty much all of us, our value is now data. No longer people, or technologies, but data and to see 2 cases at the NSA, what was once so secret that even the KGB remained clueless is now, what we should regard as a debatable place. This should really hurt in the hearts of those who have faithfully served its corridors in the past and even today. In addition, the issues raised around 2005 by the CIA and other agencies regarding the reliability of contractors is now a wide open field, because those opposing it and those blocking data integration are proven correctly.

This now gets us to a linked matter. You see, it is not just the fact that the government is trailing in this field, because that has been an eternal issue. The issue is that these systems, due to the likes of Harold Thomas Martin III and Edward Snowden could be in danger of intrusions by organised crime.

For those thinking that I am nuts (on the road to becoming a Mars bar), to them I need to raise the issue of USB security, an issue raised by Wired Magazine in 2014. The fact that the USB is not just used to get data out, if malware was added to the stick, if it was custom enough, many malware systems might not pick up on it and that means that whomever got into the house, they could have added software, so that on the next run to copy a project, the system might have been opened up to other events. There is no way to prove that this happened, yet the fact remains that this is possible and the additional fact that this was happening for over 10 years is equally disturbing, because it means that the NSA monitoring systems are inadequate to spot unauthorised activities. These elements have at present all been proven, so there.

I think it is time for TRUSIX to convene again and consider another path, a path where USB sticks get a very different formatting and that its embedded encryption require the user, the location and the hardware id to be encrypted within the stick, in addition the stocks need to work with a native encryption mode that does not allow off site usage. Perhaps this is already happening, yet it was possible for Judas tainted Highwayman Harold to walk away with the goods, so something is not working at present. I am amazed that a system like that was not in place for the longest of times. I certainly hope that Director Robert Hannigan at GCHQ has been convening with his technology directors. In addition that there are some from Oxford and some from Cambridge, so that their natural aversion to the other, will bring a more competitive product with higher quality, which would serve all of GCHQ. #JustSaying

The one part where this will have an impact is the election, because this has been happening during an entire Democratic administration, so that will look massively sloppy in the eyes of pretty much every one, too bad Benghazi emails were not left that much under the radar, because that could have helped the Clinton election campaign immensely. Still, there are technology and resource issues. The fact that Booz Allen Hamilton gets mentioned again is unfortunate, yet this should only be a partial focus as they have 22,000 employees, so statistically speaking the number of transgressions is in that regard insignificant. What is significant is how these two got vetted and passed all their clearances. In addition to this there is the issue of operation centres. You see, if there has been data breaches, have there been system breaches? The question derives directly from the fact that data was taken off site and there were no flags or alerts for a decade. So at this point the valid question becomes whether NSOC and NTOC have similar flaws, which now places US Homeland Security in speculated direct data dangers. My consideration in this regard came from earlier mentions in this article. If any US opponent has a clue in this regard, what would be the repercussions, in addition, the question (due to my admitted ignorance) would be, did Edward Snowden have any knowledge of Harold Thomas Martin III, if so, was this revealed in any conversation Snowden would have had with a member of the FSB (there is absolutely no doubt that they had a ‘conversation’ with Edward Snowden whilst he was in sunny Moscow. If so, what data dangers is Homeland Security facing? If data was copied, it is not impossible that data was moved. If that has happened, any data event with any specific flag?

Now the next example is purely fictional!

What if conditionally an <!important> (or whatever flag the NSA uses in their data sets) was added or removed? If it was used to give weight to certain data observations, like a cleaning pass, the pass would either be useless, or misdirecting. All possible just because Harold Thomas Martin III had to ‘satisfy’ his ego. This is not whether it happened or not, this is about whether it was possible, which would give added voice to the NSA issues in play and the reliability of data. This is a clear issue when we consider that false journalistic stories give way to doubt anything the journalist has written, any issue with a prosecutor and all those cases need reviewing, so do you think it is any different for IT people who have blatantly disregarded data security issues? This is not some Market Researcher who faked response data, this is collected data which would have been intervened with, endangering the people these systems should protect. As stated, this is speculative, but there is a reality in all this, so the NSA will need to sanitise data and sources from the last 10 years. There is no telling what they will dig up. For me it is interesting to see this regarding Snowden, because I had my issues with him and how he just got data away from there. Now there is a chance that the NSA gets to rename their servers to NSA_Siff_01 to NSA_Siff_nn, wouldn’t that be the rudest wake up call for them? I reckon they forgot the old rules, the one being that technology moves at the speed of your fastest employee + 1 and the human ego remain the most dangerous opponent when it involves security procedures.

 

 

Leave a comment

Filed under IT, Law, Media, Military, Politics

Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force, in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back, to be a little more precise we need to turn to the moment 645 days ago when we read that Sony got hacked, it got hacked by none other than North Korea. It took me around an hour to stop laughing, the stomach cramps from laughter are still on my mind when I think back to that day. By the way, apart from me having degrees in this field. People a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse. The list of sceptics as well as prominent names from the actual hacking world, they all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions“. I am pretty sure that the FBI did not expect that this would bite them down the track. This all whilst they rejected the alternate hack theory that Cyber Intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more possible then the claim that some made. Another claim to have a giggle at came from Homeland Security, the quote was “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life“, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons. The Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data). The subtitle gives us “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile worldly infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“, you see, here we see part of the fun that will now escalate.

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this, take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When  the accused nation has 28 websites, it is, I agree not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North-Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear given that the cyber branch of your organisations are not up to scrap. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting and learn a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that due to North Korean ‘expertise’, plenty of people will be asking questions. The time requirement to get the data that got taken was not something that happened overnight. For the simple reason that that much data would have lit up an internet backbone and ever log alarm would have been ringing. The statement that the FBI made “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government” was laughable because of those pictures where we saw the Korean high-command behind a desktop system with a North Korean President sitting behind what is a mere desktop that has the computation equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull of the Sony caper you need stimulation, like a student would get at places like MIT, Stanford, or UTS. Peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have hardware and challenging people and equipment that could offer it, but North Korea does not have any of that. The entire visibility as you would see from those 28 domains would have required to be of much higher sophistication. You see, for a hacker, there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when in 2012 in Pyongyang I believe, a press bus took a wrong turn. When some reporters mentioned on how a North Korean (military I believe) had no clue on smartphones. I remember seeing it on the Dutch NOS News program. The level of interaction and ignorance within a military structure could not be maintained as such the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing, the fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to on the wrongful domain settings, which is essential in regards to the entire hacking side. The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this last but not least to those who prototype hacking solutions, as they need serious bandwidth to test how invisible they are (especially regarding streaming of Terabytes of Sony data), all these issues are surfacing from this mere article that the Guardian might have placed for entertainment value to news, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog ““It’s important to note this isn’t the domain name system for the internal intranet,” Williams wrote. “That isn’t accessible from the internet in any way.”” which is true to some extent. In that case take a look to the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds“, yes, I agree you do not get that much info from that, but it gives us to some extent usage, you see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings on intranet level have been missed, giving the ‘visitor’ options to a lot more information than most would expect. Another matter that the press missed (a few times), no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/), data needs to get from point to point, usually via a router, so the routers before it gets to North Korea, what were those addresses, how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. The fact that in January 2015 Sony gave the following statement “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“, I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server, to monitor all data traffic, giving indication that not only a weird way was used to get to the data (I speculated on an option that required it to be an inside job), yet more important, the fact that access had not been identified, meaning it was secured gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘ if threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get the threats to be a true unknown. That is at play then and it is still now. So if servers were compromised, Sony would need a better monitoring system. It’s my personal belief (and highly speculative) that Sony, like many other large companies have been cutting corners so certain checks and balances are not there, which makes a little sense in case of Sony with all those new expansions corners were possibly cut and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing exactly as incapable as I thought it was and there is a score of Cyber specialists, many of them a lot bigger then I will ever become stating the same. I am not convinced it was that simple to begin with, for one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, yet the expert levels were not on par so plenty of data would have been in danger of breaching. The question I had then and have now a lot louder is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be“. That is now truly a question that matters! Because if there is any truth to that speculation, than the question becomes how secure is your personal data an how unaware are the system controllers of those cloud servers? The question not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’ who can be trusted to get the people properly informed? Over the next days as we see how one element (the 28 sites) give more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their Cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea, especially in light of the official response towards cyber security firm Norse what was going on.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites are no indication of Intranet or cybersecurity skills, they are indicative, when a nation has less websites than some third world villages, or their schools have. It is time to ask a few very serious questions, because skills only remain so through training and the infrastructure to test and to train incursions on a WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation, it makes even less sense.

Finally one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘the Interview’ to become a complete flop. You know that movie that ran in the US in 581 theatres and made globally $11,305,175 (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?

 

Leave a comment

Filed under IT, Media, Military, Politics, Science