Tag Archives: NSO group

December 3, 2021 · 22:03

It is difficult

One one hand, thee was a reason to be joyful. There was another article by Stephanie Kirchgaessner, so let the bashing begin. On the other hand, this is actually a good article. It is also an important article. And there is a stage where we need to consider what is and what could be. The article ‘Rights groups urge EU to ban NSO over clients’ use of Pegasus spyware’ (at https://www.theguardian.com/law/2021/dec/03/rights-groups-urge-eu-to-ban-nso-over-clients-use-of-pegasus-spyware). This is interesting in two ways. We see no such ban on Remington, Fabrique national, Glock and a few other firms. And I would like to add that the NSA has done worse, much worse, so why is it now onto the NSO because their clients are skating on the edge of what some people might seem as ‘unacceptable’?

We see “Letter signed by 86 organisations asks for sanctions against Israeli firm, alleging governments used its software to abuse rights”, we see it, but do we realise what is going on? We are holding the publisher of a law book accountable for criminals using those books to stay out of prison. And it is not mere criminals using the books, it is governments using the books. 

This is a slippery slope and as Stephanie Kirchgaessner illuminates this, we are left with questions. I personally want to see a list of these 86 organisations. I am not saying that the Guardian is lying, I am stating that the NSO and us have a right to see these accusers. Yes, we see Access Now, Amnesty International and the Digital Rights Foundation. But where are the others? We also see “the EU’s sanctions regime gave it the power to target entities that were responsible for “violations or abuses that are of serious concern as regards to the objectives of the common foreign and security policy, including violations or abuses of freedom of peaceful assembly and of association, or of freedom of opinion and expression””, it is here that the problem starts. We see “freedom of opinion and expression”, but who allows for that? Who allows for ‘peaceful assembly’? Consider the US and their ‘Black Lives Matter’ setting. We see “Some states have recently increased the severity of criminal penalties for protesters along political lines”, so where is your freedom of expression and opinion now? 

There is an issue, there is and in this Stephanie is right, but is there any kind of stage where the NSO can be held responsible for the actions of their clients? What do you think will happen when the NSO sells what they have to China and/or Russia? Do you think these 86 organisations will have anything to say then? 

And there is a larger stage, the stage everyone is silent about, the stage we all know but no one is willing to look there. We are so willing to blame the NSO group, but no one is wondering why Apple and Google didn’t have better protection? We can understand that there are always, but they do not seem to work and for some reason, Apple and Google have a massive problem. So when we consider Forbes ‘Apple Starts Sending NSO Hack Warnings To iPhone Users’, why was this not done earlier, and more important why was the problem not fixed 5 years ago? Apple is playing the cautious game, leaving the NSO group out of the debate with “State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future.” So why are new phones not more secure? Why are cyber locks a problem? Because Apple (Google too) caters to people who need automation to get better and more revenue and that crosses with the needs of some players who need access. 

In all this, the simplest solution was that no one gets access to your mobile, and it is not a new concept. The Blackberry started that idea and was quickly pushed out of the market (they were not the cheapest either). I saw this come up a few times when I was considering the evolution of a console (name xxxxxxxx redacted) , but the premise is larger and it is all linked to the simple setting that Facebook opened a door and EVERYONE wants to get through. In this case the NSO group saw that as a great idea to collect information and they are not alone, let that be clear, they might be the most visible player, but they are not the only player, but the article does not give that part, do they? You see there were a few nations on the list (that everyone ignores) and they are not NSO group clients, but they have certain abilities, so they are a client of someone and these 86 organisations are about to give that one player (with no scruples) the entire market.

Did you consider that?

Moreover, the accusations from some against the NSO group are still absent of evidence. Several newspapers gave light that the list of 10,000 was bogus and it was from 2017. In addition, I found the financial link missing, 10,000 hacks implied that the NSO group had received in excess of $600,000,000 and they have not. Some give us specifically worded accusations. Like the Citizens Lab giving us that 36 phones might (emphasis on might) have been transgressed upon, 36 out of 76, and we seemingly delete the word ‘might’ with our minds, but I did not. I am not opposing the Citizens Lab, but 36 might out of a debatable list of 10,000 is a long stretch and so far none of the media have given us any clear evidence, but these 86 organisations see there limelight moment, so they are all crying foul (or is that fowl). 

I for one want to see the media become responsible and hand over a dashboard of alleged victims. 10,000 numbers, that would be a massive list, but a dashboard stating how many are government, how many are journalists (which was in one article no more than 180, I think) making that a mere 1.8%. How many infections per nation? The list goes on and the media over all these months presented ABSOLUTELY NOTHING. But now we see “Letter signed by 86 organisations asks for sanctions against Israeli firm”, all whilst no clear evidence has been presented EVER. This is ab out something else and it has nothing to do with the NSO group, it has everything to do with a group of journalists who have become obsolete and as we see event after even (like that running Joke called the ICIJ), how much evidence have we see on their so called 11.9 million leaked documents with 2.9 terabytes of data, and zero (none) dashboard giving a summary, even with all that time and 600 journalists no one had time to give us a run down, that is how pathetic the media has become. Oh and they promised not to investigate the source, interesting is it not?

All flaming for digital revenue and presenting close to nothing, flames and way too little  substance. So when we ask these media players for clarity, their most likely answer will be ‘It is difficult’

Leave a comment

Filed under Law, Media

Tagged as , , , , , , , , , , ,

November 18, 2021 · 04:07

Worry lines

We all worry. You, me and the people around us. We all worry. The trick is to not be hindered by it, but worry breeds doubt. It does for nearly all of us. At this I wonder about what I see, what I hear and what I read. You see the biggest creator of doubt is the worry on who or what to trust. No matter hat the intended party was, the party creator is behind the doubt that is being created, that is until the matter in the brain is settled. When that is done there will be a backlash, either right or wrong when you stand by that position the doubt comes back, it always does. It is almost the same when you buy something expensive, and for a few days afterwards you still check sources if there was another cheaper one. We all tend to do this, it is in our nature. So this is what was in the back of my mind when I saw (at https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east) by none other than what I personally consider than any politicians favourite tool Stephanie Kirchgaessner. To understand where I stand I need to take you through the article. I gave my displeasure on what she considers journalism a few times, so I am taking you by the hand in the article ‘Israeli firm’s spyware linked to attacks on websites in UK and Middle East’. The article starts with “Canada-based researchers say new evidence suggests Candiru’s software used to target critics of autocratic regimes” immediately followed by “Researchers have found new evidence that suggests spyware made by an Israeli company that was recently blacklisted in the US has been used to target critics of Saudi Arabia and other autocratic regimes” this first part indicates that this involves the NSO Group, the link in the first paragraph also links to the NSO Group blacklisting. The linked article only mention of Candiru is “and another Israeli surveillance company called Candiru had developed and supplied spyware to foreign governments”. We then get “In such attacks, spyware users launch malware against ordinary websites that are known to attract readers or users who are considered “targets of interest” by the user of the malware”, the writer then covers her back by giving us “Unlike NSO Group’s signature spyware, which is called Pegasus and infects mobile phones”. Here we get the first part of what was setting me off. The NSO Group was made part of this to paint them a specific colour of black, just like some politicians wanted to. There is no real comparison as there is a lot of useless mentions of the NSO Group. The only part that mattered in the article was “Citizen Lab said it was able to identify a computer that had been hacked by Candiru’s malware, and then used that hard drive to extract a copy of the firm’s Windows spyware. The owner of the computer was a “politically active” individual in western Europe, it said” Yet the article is massively absent of evidence, and a repetitive “Candiru declined to comment”. The article is absent of a large chunk of information on Candiru, it is absent to support “Microsoft reported that it had found victims of the spyware in Israel and Iran”, she does not say “victims of the Candiru spyware”, there are a few other parts, but these are the parts that mattered. The Guardian is playing a dangerous game by not properly informing, or deceptively informing their audience. Even as the article ends with “the commerce department said it had evidence that Candiru developed and supplied spyware to foreign governments that used it to maliciously target government officials, journalists, businesspeople, activists, academics and embassy workers. The tools also helped to enable foreign governments to conduct “transnational repression”, the department said”, the last part does not state “evidence that Candiru allegedly developed” even as we do not see a list and an explanation of what the evidence is, an explanation of what makes it evidence, not the exact parts, but some form of an explanation and in all this why was the NSO group mentioned so abundantly?

No comparison list, no header of numbers on what kind and how many were shown to be hit, all absent. A mere “Candiru may have deals with Uzbekistan, Saudi Arabia and the UAE, Forbes has reported”, so when you consider “Candiru, which was founded in 2014 and has undergone several name changes. In 2017 the company was selling its malware to clients in the Gulf, western Europe and Asia”, time was not the problem, the approach is (as I personally see it) nothing less than a farce. And if a newspaper like the Guardian will use its investigative journalists to this degree, what exactly are the others doing? I should give you worry lines, it does me. If certain sources are starting to be absent of credibility and optionally less regarded as trustworthy, what can we trust?

Oh and it just dawned on me, espionage is a tool, a universal governmental tool. So was it “supplied spyware to foreign governments”, or should it be “supplied spyware to governments”?

Leave a comment

Filed under IT, Media, Politics

Tagged as , , , , , , , , ,

November 9, 2021 · 04:27

There is doubt

We have doubt, we all do and there is no denying it. I have had my reservations from the press for the longest of time. Today we see another article and this time by Al Jazeera. They give us ‘Palestinian activists hacked by Israeli firm NSO spyware’, I will agree that there are people that we should monitor, this happens. So what makes these Palestinians so special? Consider that in the past we were given that the price of a hack is $100,000. This means that someone lashed out $600,000 on these six Palestinian rights activists. They are not called terrorists (whether they are or not), they are labeled as rights activists. Then Al Jazeera (at https://www.aljazeera.com/news/2021/11/8/palestinian-rights-activists-hacked-by-israeli-firm-nso-group) gives us “Spyware from the Israeli surveillance company NSO Group was detected on the mobile phones of six Palestinian human rights activists, in the first known instance of Palestinian activists being targeted by the military-grade Pegasus spyware”, so the paragraph mentions Israel, then the ‘NSO group’, ‘Military-grade’ and ‘Pegasus spyware’. With the added settings that matter. The first is “It is not clear who placed the NSO spyware” which is fair enough, so what gives certainty that it was Pegasus? It is a fair enough question and where is that report? Then we get “Three of the hacked Palestinians work for civil society groups. The others do not, and wish to remain anonymous, Frontline Defenders says” which countermands the earlier statement of ‘six Palestinian human rights activists’, just three and what are the other ones? Terrorists? Yes, I’ll bet they want THEIR anonymity. It is the odd setting we get next “Frontline Defenders is “not absolutely alleging that Israel is behind this,” but that the “timing of all this is very interesting””, yes so is the IRA coming to the rescue of Hezbollah, but I will not judge. Wasn’t it the Times who gave us on September 13th 2020 that gave us ‘New IRA forges links with Hezbollah’, also interesting isn’t it?

So where is the evidence? And whilst we give Andrew Anderson, executive director at Frontline Defenders the benefit of the doubt with “the NSO Group cannot be trusted to ensure its spyware is not used illegally by its customers and says Israel should face international reproach if it does not bring the company to heel”, well, one could argue that no one is bringing Hezbollah to heel, the other part is that the reports have not been given the visibility that they deserve. When did a media outlet like the verge get that full report? Why is that report not out in the open for scrutiny? In my mind the girl stating that that she is the greatest whore in the world whilst we cannot find any man substantiating that, is nothing more than a wannabe women hoping to get rid of her virginity. 

Any equation can be turned on its head and whatever falls out either supports the claim or accelerates the doubt we have. In this case I have doubt, I have way too much doubt. For one it is the lack of a timeline. 

When we see “The non-profit Frontline Defenders disclosed its findings on Monday in a joint technical report together with Amnesty International and the University of Toronto’s Citizen Lab, which independently confirmed the results” It is the only date I see, so when were they infected, when were the suspicions voiced? How long did either party investigate? All parts that are missing and no one hands over the report to any of us. I have doubts, I have a lot of doubts and they are growing. The entire setting of the media being the whoring little chihuahua against the NSO group, optionally on American orders. The US does not need to spy on us, they have the media doing it for them. And as far as I can tell, no one is asking real questions, why is that?

Leave a comment

Filed under IT, Media, Politics, Science

Tagged as , , , , , , , , , , ,

November 5, 2021 · 03:41

As Credit Cards run dry

That was pretty much the first thing that went through my mind as Reuters gave me ‘UK could speed up criminal sanctions for big tech, minister says’ an hour ago. The article (at https://www.reuters.com/world/uk/uk-could-speed-up-criminal-sanctions-big-tech-minister-says-2021-11-04/) gives us the first dangerous setting ““It will not be two years, we are looking at truncating that to a shorter time frame,” she told lawmakers. “I’m looking at three to six months for criminal liability”” in the first I have all kinds of emotional outbursts as to the uselessness of certain political players. Then there are a few more chapters, yet it is not yet the moment for that (it will come soon enough). When we see “Powers to make executives liable have been proposed as a “last resort” to be introduced at least two years after the rules have been set, the government has said”, we see the first part that it is a timeline change of almost 75%, then there is the statement ‘as a “last resort”’ and I personally believe that none of it will hold up to scrutiny. There is of course the ‘old’ setting of “In general, Facebook may not be held liable for slanderous or defamatory posts due to Section 230 of the Communications Decency Act. Section 230 protects internet service providers, like Facebook, from liability for content posted to their platform by third-party users” Yet it also means that a demand could be made to hold Journalists up to those same standards, and that is where the shoe stops fitting and the dance ends real quick.

Consider Stephanie Kirchgaessner, someone at the Guardian. On July 19th 2021 she gives us “A phone infected with NSO malware, as Kanimba’s has been, not only gives users of the spyware access to phone calls and messages, but it can also turn a mobile phone into a portable tracking and listening device. In the period before she was alerted to her phone being hacked, Kanimba said she had contacts with the US special presidential envoy for hostage affairs, British MPs, and the UK high commission office in Rwanda – all of which could have been monitored

We now see:
A. ‘A phone infected with NSO malware, as Kanimba’s has been’
So where is that evidence? As such the guardian could be just as liable and hiding behind ‘big tech’ optionally constitutes a case for discrimination and the Guardian is also on Facebook, Twitter and so on, so what gives there?
B. When was the phone infected? Can the moment of infection be proven?

The Daily Mail reported on October 25th 2021 “The alarm was raised after an online harms issue known only to a few people at the Department for Digital, Culture, Media and Sport was raised by a senior executive at Facebook in a recent meeting” So we see “I’m looking at three to six months for criminal liability”, basically Facebook would be prosecuted for events that the employees of that government leak on Facebook? How insane is that train? Who would be the conductor of that crazy brain train and with that in sight, when we consider that some of these messages come from all over the globe. And in plenty of those cases the so called trolls are to blame for some messages. When we consider that the track record in the US, UK, EU and larger commonwealth fails to deal with trolls, can we demand more from Facebook? Consider that the Council on Foreign Relations reported on June 7th 2021 “Chinese trolls are beginning to pose serious threats to economic security, political stability, and personal safety worldwide”. So how long until not so intelligent politicians see a larger string of attacks and fine Facebook whilst the business shifts to China where the US, UK and EU have no say in the matter? How stupid does one need to get to consider their stretched credit cards to get fines whilst losing billions in taxable revenue and optionally global revenue? When it all shifts to China (as well as the Russian equivalent) people like Britain’s Culture Secretary Nadine Dorries were too close to clueless to understand the digital media? Yes, we get it, Zuckerberg created a Behemoth, one a lot larger then even he thought was possible, but the rest had no idea whatsoever (I used to work for a few of them). So in all this we see lofty words like ‘criminal liability’, yet that same government (as the BBC reported) gives its population just 1.6% of rape allegations in England and Wales result in someone being charged, something the government has said it is “deeply ashamed” about. Charged, not convicted, that is a mere 80%, leaving 98% of the assailants free to do it again. That government who failed its population for well over three decades thinks it can judge “big tech firms already had the capability to make their platforms safer”, how is that insight gotten? Because as I see it in too many places the people have no clue on digital media issues, especially in social media. 

I believe that this is another ‘tax the wealthy’ stage, this time it is on what I regard as ‘false grounds’. And in that light, lets take a gander into another stage (adjusted stage in this case) of ‘flawed reasoning’

6 Most Common Causes of Wrongful Convictions

Eyewitness misinterpretation.
The stage where the observer does not comprehend all the elements of a digital track and uses his or her status as expert witness, or witness to the event all whilst the stage cannot be seen as a lot of the variables involved are not visible to that witness.

Misinterpretation.
Misinterpretation is set to what is seen, the data behind it and the stage on why and who placed it. In many cases (especially with flamers and trolls) several of these elements are faked and wrong values are captured mainly because flamers and trolls know what to change. This is similar to all the scam calls showing a UK/US number whilst the scammer is in India. YouTube is filled with those examples.

Incorrect forensics.
Is slightly the wrong term, it is incomplete forensics, because governments listened to self righteous pinko’s who demanded privacy and as such digital platforms cannot capture what needed to be captured to do more, so first (overly graphically stated) the government cuts off the hands of the media giant and then tells the media giant to pick up the right ‘pick-a-stick’, how lame is that part of the equation?

False confessions.
There is the cry-baby (hoping to get freebee’s), the trolls and flamers and those with a natural aversion to one side (abortion, politics, vegans), take a subject and there will always be a crying opponent and they are willing to embellish their side and optionally lie on what they feel, all sides that goes straight into social media and often several times over.

Official misconduct.
Basically is is seen on both sides and always will be, I used the government staff leaking lists, but the opposite side is also there (like Amazon staff greasing personal (family) needs. Several options and these things happen and time is the only way to get there, yet the issues mentioned earlier drains close to all resources.

Use of informants.
That is the larger problem, who is a real informant, and who is there to play some political game? The data will not reveal either but it also constitute a wrongful case.  A seemingly small but growing issue on a stage where size is the least visible element of all.

Inadequate defense.
The largest problem issue. It overlaps with technical abilities, privacy abilities and false confessions, they all impact the defence that is offered and as such is the easiest overrun in court or in a hearing. This also is a stage with documentation and as we see with some players at the ICIJ (Pandora papers) as well as the NSO group. There is no adequate defence as the presented attacks are too often absent of evidence, yet still there is a conviction against the players and the media became part of that problem. A stage where defense was not possible because some players were allegedly tainting the field. 

Six elements and they are out in the open, so when we see “Britain’s Culture Secretary Nadine Dorries, who was appointed to the job in September, said she wanted the powers brought forward” I personally wonder whether she is clueless on what is involved, or is this a mere ruse to get fines so the governmental Credit Card is not cut into pieces by too many banks? And if the UK is in that stage, how deep is the EU and the US at present?

Before we leap to rush to the small minded people, lets make sure that they do not end up driving business to players like WeChat. A site that will not adhere to anything that is seemingly non-Chinese.

Leave a comment

Filed under Finance, IT, Media, Politics, Science

Tagged as , , , , , , , , , , , , , , , , ,

November 4, 2021 · 02:18

Tools of convenience

It is 01:39, I thought it was going to be a boring Thursday. Yet, there she is, everyones favourite tool Stephanie Kirchgaessner is making another run for it. She gives us ‘Israeli spyware company NSO Group placed on US blacklist’. The article (at https://www.theguardian.com/us-news/2021/nov/03/nso-group-pegasus-spyware-us-blacklist) comes with all posturing, yet no evidence. She gives us “It comes three months after a consortium of journalists working with the French non-profit group Forbidden Stories, including the Guardian, revealed multiple cases of journalists and activists who were hacked by foreign governments using the spyware” yet there are a few sides to consider. This so called ‘consortium of essay writers’ working with the clowns calling themselves the ‘non-profit group Forbidden Stories’ came with insinuations and no evidence. On July 23rd 2021 I wrote ‘From horse to course’, there I gave the readers “but consider that if the media has not released a dashboard of these 50,000 numbers, I believe that my case is rather clear, I would personally consider that list is nothing more than the fabrication of a stakeholder who needs the revenue that the NSO Group currently has”, in addition to that, the BBC gives us (the link is in the same story) “Of the people whose numbers are on the list, 67 agreed to give Forbidden Stories their phones for forensic analysis. And this research, by Amnesty International Security Labs, reportedly found evidence of potential targeting by Pegasus on 37 of those”, so basically they could prove it in no more then 60% of the cases which they call ‘evidence of potential targeting’, I am not debating it, but this setting where we saw a few mentions that the NSO Group pleaded innocence, we need to have evidence, and the whatever you wanna call it pointlessly blaming people without presenting evidence constitutes in my humble opinion a person too useless to consider a valid source of information.

She goes on giving us “The Guardian and others also revealed that the mobile numbers of Emmanuel Macron, the French president, and nearly his entire cabinet were contained on a leaked list of individuals who were selected as possible targets of surveillance”, a leaked list that was opposed by the Verge and a few other sources which I dealt with again in ‘The same gramophone’ (at https://lawlordtobe.com/2021/09/16/the-same-gramophone/) We see several issues with what is stated from a few articles, but the part was that the leaked number list was from 2016, and there were other considerations too, in part that 50,000 numbers represent $600,000,000 in the cheapest configuration and so far, no evidence was ever shown that the NSO Group had made THAT much money. We also get the show of a party line “NSO has said that its spyware is used by foreign government clients to target serious criminals. It has denied that any of its clients ever targeted Macron or any French government officials”, I get that. It does not make the NSO group innocent, but so far the confused tool Stephanie Kirchgaessner and whatever master she barks to are not presenting ANYONE clear evidence. I stated it 6 months ago there too. A top line of what was available and optionally evidence would have been presented and in 6 months none of them did any of that. 

Have we stopped being nations of laws? There is a second side to all this it is seen in the headline  ‘Israeli spyware company NSO Group placed on US blacklist’, we get “Decision against company at heart of Pegasus project reflects deep concern about impact of spyware on US national security interests”, OK that is fair, the US has national interests and as such they have the right to push for their national interests, I cannot and will not debate that, it is their right. I just wished the Guardian had actually done their homework and not hide behind “It comes three months after a consortium of journalists working with the French non-profit group Forbidden Stories, including the Guardian, revealed multiple cases of journalists and activists who were hacked by foreign governments using the spyware”, that and unsubstantiated mentions makes for a shoddy article, one that is debatable on too many sides and degrades the Guardian from their AAA status to a mere B-. Feel free to oppose this, you only have to get actual evidence and so far none of them presented any and several sources debated what some presented, a mess and this is the third time I personally see the name Stephanie Kirchgaessner towards something that I personally regard to be shoddy. Once happens, twice perhaps if the career is long enough, but three times? As I personally see it, the average journalism intern is better than that. 

And no matter how we slice it, Shalev Hulio, NSO’s founder has a larger issue and optionally new avenues to explore. I wonder if that was the content of the meeting that is given to us as “But in the weeks that followed the publication of the Pegasus project, Israeli officials met with counterparts in the US and France to discuss allegations of abuse of the technology.” I think the current administration is shitting bricks, they are scared. The NSO group is the first time in history that a private company had a better grasp of technology then the NSA EVER had. And the next credit ceiling conversations are a mere 7 weeks away, I reckon that the democrats are afraid that any deal towards that comes out into the open from any non-US source. It must be awful to rely on tools you owe big time, but that is merely my take on the matter.

Leave a comment

Filed under Finance, IT, Media, Politics, Science

Tagged as , , , , , , , , , , ,

October 7, 2021 · 12:47

Two items

Yes, there are two items that are on the mind of may people. One is directly on the mind of many and as I stated in ‘Utter insanity’ on October 4th a lot of impact will be seen and the poor will get the brunt of that impact. As I see it, there is a lot that will be going wrong and even as the US Democrats are hiding behind the media slogans like ‘Biden: Republicans playing ‘Russian roulette’ with US economy over debt ceiling’, we better catch on quick. This issue is not now, it has been going on for over a decade, too much spending, no exit strategy and upping the debt every time and this has been going on since the Presidents George W Bush, Barack Obama, Donald Trump and President Joe Biden were in office. From 2001 the debt want from $6 trillion until now as it is $28 trillion. I will agree that President Biden got a really bad hand and he inherited the debt, but so did Obama and Trump. George W Bush had Afghanistan and Iraq in consequence to what happened in New York which was not on him, but ALL these presidents had the option to overhaul the Tax system and NONE of them did so, this pox is on BOTH the Republican and the Democrat houses. A budget that was there to enable big business and media but none acted over well over 20 years, so this is on more. In this Bill Clinton was the one who left the budget was in surplus so his inaction has a decent acceptable excuse. And now the Republicans say enough is enough, I cannot fault them for that. As I showed the Defence department wasted $30-$45 billion on TWO PROJECTS, two projects that does not meet the bare minimum but we go on paying those wasting the funds. Why is that? And the lack of adjusting Tax laws, not to tax the rich, but the setting of justly tax ALL. An optional setting that as offered to them in 1998, but they were eager to state that it was too hard. Now consider the Google Ads system that properly (and decently) charges the advertiser and not greedy grab the advertiser like the advertisement  agencies did for decades. So it was not that hard, was it?

And as we now see the need to ‘overhaul’ the Senate rules to end the amendment of the ‘filibuster’, a stage that has been there for a long time is now regarded by the Democrats as too hard to handle. I am not the voice for against that decision, yet consider that THEY TOO would not overhaul the tax system when it was in their administration, so is it fair? And in all this Wall Street is giving whatever ‘free’ advice the media is willing to listen to, they are so scared now. 

What was issue two?
It cones from a different corner. When the BBC gave us ‘Princess Haya: Dubai ruler had ex-wife’s phone hacked – UK court’ 8 hours ago (at https://www.bbc.co.uk/news/world-middle-east-58814978) I saw “The High Court has found that the ruler of Dubai, Sheikh Mohammed Al Maktoum, interfered with British justice by ordering the hacking of the phone of his ex-wife, Princess Haya of Jordan. The phones of her solicitors, Baroness Fiona Shackleton QC and Nick Manners, were also targeted during their divorce custody case, according to the court”, it took a few second (approximately 7.1) and my mind raced. You see the media is a nice source to use given information against them. You see, The Verge gave us on July 23rd (at https://www.theverge.com/22589942/nso-group-pegasus-project-amnesty-investigation-journalists-activists-targeted) ‘NSO’s Pegasus spyware: here’s what we know. In that article we get “NSO Group’s CEO and co-founder Shalev Hulio broadly denied the allegations, claiming that the list of numbers had nothing to do with Pegasus or NSO. He argued that a list of phone numbers targeted by Pegasus (which NSO says it doesn’t keep, as it has “no insight” into what investigations are being carried out by its clients) would be much shorter”, It is the setting of “has “no insight” into what investigations are being carried out by its clients” against the setting that the BBC gives us which is “referred to the hacking as “serial breaches of (UK) domestic criminal law”, “in violation of fundamental common law and ECHR rights”, “interference with the process of this court and the mother’s access to justice” and “abuse of power” by a head of government”, we can agree with the point of view, but where is the evidence? The NSO stated that it does not keep any, so what is the source and the foundation of the evidence? The link the BBC gives us the judgment (at https://www.judiciary.uk/judgments/al-maktoum-judgments/) yet there I see in the reference for the Hacking fact finding part:

i. The mobile phones of the mother, two of her solicitors (Baroness Shackleton and Nicholas Manners), her Personal Assistant and two members of her security staff have been the subject of unlawful surveillance during the course of the present proceedings and at a time of significant events in those proceedings.

ii. The surveillance has been carried out by using software licensed to the Emirate of Dubai or the UAE by the NSO Group.

iit. The surveillance has been carried out by servants or agents of the father, the Emirate of Dubai or the UAE.

iv. The software used for this surveillance included the capacity to track the target’s location, the reading of SMS and email messages and other messaging apps, listening to telephone calls and accessing the target’s contact lists, passwords, calendars and photographs. It would also allow recording of live activity and taking of screenshots and pictures.

Yet in all this, how was this evidence obtained? The findings rely on the setting stated by Baroness Hale, which is fair enough and she stated “In this country we do not require documentary proof. We rely heavily on oral evidence, especially from those who were present when the alleged events took place. Day after day, up and down the country, on issues large and small, judges are making up their minds whom to believe. They are guided by many things, including the inherent probabilities, any contemporaneous documentation or records, any circumstantial evidence tending to support one account rather than the other, and their overall impression of the characters and motivations of the witnesses.” Here I have a problem. Not the setting that Baroness Hale states, it applies for many cases and I would support this, yet in this technology the problem is that even those deep into this technology do not completely understand what they face. When we look at sources all over, we see a former intelligence officer from Germany who cannot state that Huawei is a danger, because their technology people do not comprehend it. We see source after source flaming the NSO group issues but they are flaming and even those sources are debated as it refers to sources from 2016, long before the Pegasus group had the software it deploys now. If we accept the words by Baroness Hale “We rely heavily on oral evidence, especially from those who were present when the alleged events took place” yet what happens when that witness the average normal person, how can that person give credibility to neural surgery? It is the same, a stage where the media relied on flaming and keeping people off balance, how can a person who does not comprehend technology be given the credibility that this court has? And should the court disregard the influence the media has, they merely need to see connected contributory manslaughter Martin Bashir was a part of, as I personally see it, his actions resulted in the path that led to the death of Lady Diana Spencer. 

In this I support “the court’s findings were based on evidence that was not disclosed to him, and that they were “made in a manner which was unfair””, I will take it one step further, if the submitted evidence is held to the cold light of day, its value will be debatable on a few levels. So when we consider “Dr William Marczak, who is based in California and is a senior research fellow at the University of Toronto’s Citizen Lab, which researches digital surveillance. He told the court he had no doubt the phones were hacked using NSO’s Pegasus software. He also concluded “with high confidence” that the phones were hacked by a single operator in a nation state. He concluded with medium confidence that it was most unlikely to be any state other than the UAE.” In this we saw the CIA with their “with high confidence” and I wonder hat it is based on. I am not attacking Dr William Marczak, there is no reason to, but when you consider “with medium confidence that it was most unlikely to be any state other than the UAE”, so he is not completely certain, he is decently certain that someone did it, but there is no evidence (aka he cannot swear) that it was the UAE, feel free to read the settings and the statements, it could have been anyone, if the evidence holds up to scrutiny and that pert is also a part I am not certain of. You see when we see “A senior member of NSO’s management team called Mrs Blair from Israel on 5 August 2020 to inform her that “it had come to their attention that their software may have been misused to monitor the mobile phones of Baroness Shackleton and HRH Princess Haya” and we hold it up to the interview in The Verge on July 23rd with Shalev Hulio we see conflicts, conflicts of optional evidence by the same source, why is that?

These are the two Items that were bugging me to some extent and as my mind is racing towards another TV series stage (it will be the third my mind designs) I wonder what the eager bored mind is able to contemplate. So as we wonder what drove the judgement (no negativity implied), I see too many strings going from one place to another and they might be just in my mind (the place between ones ears) but too much evidence does not make sense, in both stages offered and the media took centre stage to both, and the media is the weakest link of credibility, that has been personally proven a few times over.

1 Comment

Filed under Finance, IT, Law, Media, Politics, Science

Tagged as , , , , , , , , , , , , , , , , , , , , , ,

September 16, 2021 · 08:13

The same gramophone

It started over a month ago with ‘From horse to course’ (at https://lawlordtobe.com/2021/07/23/from-horse-to-course/) there we saw the attack and the debatability on some of the presented evidence. Today we see (at https://www.theguardian.com/news/2021/sep/15/eu-poised-to-tighten-privacy-laws-after-pegasus-spyware-scandal) ‘EU commissioner calls for urgent action against Pegasus spyware’ and it would make sense, until we get to “The investigation was based on forensic analysis of phones and analysis of a leaked database of 50,000 numbers”, so in well over a month there are no top-line statistics? The list was attacked by a few well over a month ago, but here we see the Guardian, specifically Daniel Boffey hash over the same stage with nothing to show for it, so is he what some might call ‘a fucking tool’ for stakeholders or a wannabe journalist? Consider that we pretty much get the same details we saw in my article and these parts came from the BBC and the Guardian’s own article from last July. That article gave us “NSO has said Macron was not a “target” of any of its customers, meaning the company denies he was selected for surveillance using its spyware, saying in multiple statements that it requires its government clients to use its powerful spying tools only for legitimate investigations into terrorism or crime”, so whilst we now see “analysis of a leaked database of 50,000 numbers, including that of the French president, Emmanuel Macron, and European Council president, Charles Michel”. So did Daniel forget to do his homework or was he acting on the needs of a stakeholder? I actually do not know, hence I ask here. The largest failing is that the Guardian gives us some emotional charged article and no homework was done, there is no top-line on the nations involved with the 50,000 phone numbers. All whilst I also showed (at https://lawlordtobe.com/2021/07/28/retry-or-retrial/) a few days later when The Verge got involved that 50,000 numbers imply a cost of no less than $400,000,000 which is still not looked at, so why is the Guardian (BBC too) this unable to perform? In that article ‘Retry or retrial?’ We see the Verge giving us “The Washington Post says that the list is from 2016” and that journalist no one cares about was still alive. A setting that is seemingly overlooked by TWO news organisations and none of them vetted information through a top-line which is what I would have done first. So how many of these numbers are EU numbers? How many are in France, the Netherlands, the United Kingdom, Germany or Sweden? In over a month neither newsagent got that part done and if the Verge is to be believed the 2016 list without a top-line shows newsagents to be massively incompetent. 

Added here we see the added part “A consortium of 17 media outlets, including the Guardian, revealed in July that global clients of the Israeli surveillance firm NSO Group had used hacking software to target human rights activists, journalists and lawyers”, that part negated is that the NSO group is a service branch towards governments on the tracking of criminals and terrorists. This caper costs a government “$500,000 for an extra 50 phones” (source: The Verge) all whilst the entire list represents a minimum value of $400 million. So which governments spend that much on these numbers and when you consider that it was a list of governments, we see additional info that the leaked list is a fictive list, there is no leak that hands the phone lists of all these governments and that is before we consider that one number might be on several lists. Consider that both Macron and Johnson want to know where Merkel gets her lingerie (ha ha ha). OK, that was a funny, but the setting is valid, there is a genuine need for several governments to keep track of a person and when we consider that I could have made a top-line within a week (depending on how the data looks) why did the Guardian and the BBC not succeed? Why do they not have any reference to the leaked list being a 2016 list? 

Also in the end we see the Guardian give us “NSO says it “does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets”” when we consider that we see more debatable sides to a list of 50,000, we see the lack of actions for well over a month (almost 2 months) and at no stage do we see any clear allegations against any government apart for some mention of Hungary, all whilst the top-line results could have pointed the finger at someone. Do you actually believe that the UAE or Saudi Arabia have any interest in a Dutch Human rights activist? At the prices that the NSO charges, I very much doubt it. 

So here I stand asking the Guardian (and specifically Daniel Boffey) what on earth do you think you are doing? Who are you serving, because the lack of evidence and lack of clear verifiable data implies you are not doing this for the readers, if that were true the article would have looked very different.

2 Comments

Filed under IT, Media, Military, Politics, Science

Tagged as , , , , , , , , , , , , , , ,

September 15, 2021 · 16:46

Speculative design

Many do this at times. We look at something and we think ‘What if we move part N to location X?’ It is a perfectly valid idea and it keeps a brain active and in creative mode, which tends to be good for several reasons. So I was busy thinking things out, in one it is the side of pushing another IP towards public domain, it is too soon, but not by much. So the mind started to wander. The first part was the new trojan that the NSO group is suspected off (see previous story), the second was a line in the West Wing (which I am watching again during the lockdown plus curfew. There we hear about a pen designed for NASA that works upside down, one mentions that Russia solved it by using a pencil. You might not think it, but it is actually an important part. So as these elements rolled in my mind, I wondered on adding a setting (just to piss off the Iranians) in a stage to get two for the price of one, they do use Russian hardware. As such I thought that we need a few clever boffins and as such the people should call on the NSA (No Such Agency). What if we find a way to introduce a hippocampus to the hardware? A hippocampus is a trojan that is submerged (in this case) into the firing solutions. You see at some point a target needs to be setup and that moment the link becomes a weak link. You see not all systems have additional redundant systems and I am willing to bet that Iran has the latest hardware, but not every internal system is up to the latest standard. Implying that we can add something. So what if these missiles would then automatically start to be set to point X plus 1-10 miles? A submerged trojan horse might pull that off. There are a few questions that require me to have a lot more firing system knowledge. Yet when we consider the elements rocket-firing solution-guidance, we might see that the firing solution will be the easiest transgression and these systems do require to get to a base. A solution  that will hit EVERY firing system by infecting all the systems and the infection stays where it is until it fires and then it becomes a nice 4th July showtime. And there is a nice secondary part, the person firing is the one hitting ones self. Passive aggression in full view. 

So is my view realistic? I do not know, I do not care. I merely try to design a way to stop players like Iran and I will use any way possible. All whilst politicians make claims to do something and after spending truckloads on funds on long exclusive trips that tends to include a few 5 star hotels, I on the other hand, sitting on my sofa came up with ideas that had no cost, merely a few dimes of electricity. One works in whatever way the brain gets to be (more) creative. It was the same path I followed when I designed a way to push a  meltdown in the Iranian nuclear plants. OK, I also engineered two additional valve ideas and when I file for these I might get a few additional dollars as well. I do know that these solutions are pure concept, there is no guarantee it will work. But it keeps my brain busy and if it doesn’t work, it might make for a nice additional part to some TV series or movie. The creative brain can come up with a dozen ideas, just be ready that it ends up where it was not expected to go. You might find that funny and it is, but when you consider how books, games and movies got an infusion of brilliance. You merely have to consider how they got to be. Games like Ultima 3 became inspirations to a lot more RPG games (made by other makers). The EA game ShadowCaster was by way too many overlooked, yet when you see “the 49th best computer game of all time, calling it “an admirable attempt to show that RPGs don’t have to be boring””, so why was this game not remastered and redesigned for consoles and streamings? In that same light we can review all kinds of neglected hardware and see just how creative we could get with it. Everyone is so busy in making things not work that they overlook the option to make it hurt the activator and not the target. Perhaps we need to instil the need for people who work for no such agency to get better acquainted with gaming. You might not realise it but games have been on the fringe of hardware for at least 3 decades, optionally even longer and even as some ‘embrace’ that nowadays games are more advanced, people forget that the CBM-64 and Atari ST allowed for games that were often not possible, yet the game makers found a way around their limitations. Consider a game like Impossible mission (Epyx) and the fact that this game can still be enjoyed on an 8 bit system by any number of gamers today, and they got that done on a system with a mere 38KB, it can equal a game that requires an 8GB system, so there!

There are of course a few more ideas, but it is about the concept of working with limits. I ned not explain this to programmers, but some of them will grab an Azure SDK and start from there. We forget that that same company gave us the Microsoft Assembler. Azure solutions start at 765 kilo bits, whilst assembly gives us one of the smallest useful programs for a mere 4 bytes. It is not merely what solution is used, it is about what limitations can be used to our advantage and as a snow-globe gave me the idea to meltdown a reactor, an assembly program used to overcome some security on an EA game (8 bytes) might be the path to set the firing point of the Qiam-1 to the destination point as firing point + 10000 if the destination is measured in metres. At times we forget that having more space does not work, it requires limitations to give us the creativity we required to get it done.

Just my 2 bytes on the matter.

Leave a comment

Filed under Gaming, IT, Military, Science

Tagged as , , , , , , , , , , , , , , ,

September 15, 2021 · 07:58

As questions rise

The BBC gave us the rundown late yesterday (at https://www.bbc.com/news/business-58540936) where we are given ‘Apple rushes to block ‘zero-click’ iPhone spyware’. A setting that comes at times and this is not against Apple, yet the article left me with questions. I get that there is initial finger pointing, as such pointing to the best in the field makes perfect sense to me and it is done with “it had high confidence that the Israeli hacker-for-hire firm, NSO Group, was behind that attack”, I do admit that the term ‘hacker-for-hire’ will be one that requires more precise explaining. Bill Marczak from the University of Toronto’s Citizen which first highlighted the issue gives us “we previously found evidence of zero-click spyware, but “this is the first one where the exploit has been captured so we can find out how it works,”” and this got me thinking. 

Where is the timeline? With what version of iOS does it start? Version 14, version 14.5, version 13? So how long was this in play? It is not the fault of the BBC and it is the first issue.

We then get “the security issue was exploited to plant spyware on a Saudi activist’s iPhone”, so how many activists are monitored? When was the transgression detected? How was the transgression detected? At least two of these questions require investigation and the BBC did not go there. We can argue whether they were required to do so. 

So whilst we are lulled to sleep with “Security experts have said that although the discovery is significant, most users of Apple devices should not be overly concerned as such attacks are usually highly targeted” which could be an absolute truth, we see the setting that Apple is protected. So why was the weakness there in the first place? The answer might be extremely valid, no system is truly secure, we have seen that for a long time. Yet in the moments where I saw this article I phrased a few questions that I have not seen anywhere else (as far as I could tell). And of all the people who could be infected, we get the mention of ‘Saudi activist’? The article was set to certain measures and without proper and a clear explanation there is every chance that additional questions will be asked from the University of Toronto as well. This is not against them and I have nothing against Bill Marczak (I do not know anything about him), but the stage was set in a few measures and that makes for a worrisome setting. A BBC article absent of a few facts and the insertion of a few innuendo’s. All whilst there optionally might be questions from the NSO Group. A stage where we see a setting where (in my personal opinion) someone was standing of the axial of a seesaw to keep the almost in balance. And as the NSO Group, Saudi Arabia and Apple where alternating on the seesaw, the man in the middle offset the balance by just enough to make is wonder, to make us lay blame. Yet all that happened with several facts missing and the smallest mention of “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime”.

We all need to do what we need to do, yet I wonder if the BBC (and Reuters) did enough here.

Leave a comment

Filed under IT, Science

Tagged as , , , , , , , , , ,

July 28, 2021 · 01:42

Retry or retrial?

It is time to revisit a few issues, actually one issue and a whole lot connected to it. To start, I decided to go with The Verge, it has its ducks decently in a row, the article ‘NSO’s Pegasus spyware: here’s what we know’ is the best of them all, they also make reference to a lot of articles, and they have a decent line. The article (at https://www.theverge.com/22589942/nso-group-pegasus-project-amnesty-investigation-journalists-activists-targeted) is best if you read it yourself. Mitchell Clark did a good job, and as you have read the article, I can make a few jumps. The important jump gets us to the Washington Post (at https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones/). This came from the link in “However, much of the reporting centers around a list containing 50,000 phone numbers” and when we seek the Washington Post article, we get “reporters were able to identify more than 1,000 people spanning more than 50 countries through research and interviews on four continents: several Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials — including cabinet ministers, diplomats, and military and security officers. The numbers of several heads of state and prime ministers also appeared on the list”, no evidence mind you, merely statement and boasting. I call it boast, because we see there that the Amnesty’s Security Lab examined 67 smartphones all whilst close to 50% had an inconclusive test. If this is 67, what about the other 49,933? So when we get to “NSO chief executive Shalev Hulio expressed concern in a phone interview with The Post about some of the details he had read in Pegasus Project stories Sunday, while continuing to dispute that the list of more than 50,000 phone numbers had anything to do with NSO or Pegasus”, my support goes to Shalev Hulio. The Washington Post has a declining amount of credibility and this does not help. From my point of view, I would have made a dashboard based on the 50,000 numbers with a clear separation, In the top layer the continents, then the countries, where we see number of mobiles, versus number of landlines. This basic setting was never done, how stupid is that? A second dashboard could be the identifying class (journalist, government, lawyer, NGO) just to coin a phrase, the Washington Post was all about emotion, not about fact. I see this as a prime time hack job, with the alleged journo’s being the hacks, we also do not get any level of trustworthy setting on how the leak got to the Washington Post. Question upon question and in the mean time we get to see “In Hungary, numbers associated with at least two media magnates were among hundreds on the list, and the phones of two working journalists were targeted and infected, forensic analysis showed” 4 people and 50,000 numbers, could the article be any less relevant? And the stupidity of the Washington Post does not end, no it goes further with “Amnesty’s forensics found evidence that Pegasus was targeted at the two women closest to Saudi columnist Khashoggi, who wrote for The Post’s Opinions section. The phone of his fiancee, Hatice Cengiz, was successfully infected during the days after his murder in Turkey on Oct. 2, 2018, according to a forensic analysis by Amnesty’s Security Lab”, we see ‘two women closest to Saudi columnist Khashoggi’, so how did they get there? Because the numbers were on the list? And when we see ‘The phone of his fiancee, Hatice Cengiz, was successfully infected’, so how was that evidence obtained? From my point of view the text “according to a forensic analysis by Amnesty’s Security Lab” just does not cover it. It even gets worse with “Also on the list were the numbers of two Turkish officials involved in investigating his dismemberment by a Saudi hit team”, I see it as a weak approach to mention “investigating his dismemberment” which was NEVER proven, the proof requires a body, they never got that, at best the man is theoretically still merely missing. And from there we get to “Khashoggi also had a wife, Hanan Elatr, whose phone was targeted by someone using Pegasus in the months before his killing. Amnesty was unable to determine whether the hack was successful”, consider the text “Amnesty was unable to determine whether the hack was successful”, if that is true, how come we get “targeted by someone using Pegasus in the months before his killing”, how was that timeline proven? It is a simple question, the article is a bad approach to give more visibility to a journalist no one gives a fuck about. I like the quote ““This is nasty software — like eloquently nasty,” said Timothy Summers, a former cybersecurity engineer at a U.S. intelligence agency and now director of IT at Arizona State University”, is it eloquent because the NSA never made it, or because an Israeli company has the lead on this? I wonder what Timothy would have said if this was an NSA application? 

And the Verge is on my side, they give us “WAIT, WHO MADE THIS LIST?”, as well as “At this point, that’s clear as mud. NSO says the list has nothing to do with its business, and claims it’s from a simple database of cellular numbers that’s a feature of the global cellular network”, which is supported by “A statement from an Amnesty International spokesperson, posted to Twitter by cybersecurity journalist Kim Zetter, says that the list indicates numbers that were marked as “of interest” to NSO’s various clients. The Washington Post says that the list is from 2016” and when we consider these quotes and we read the Washington Post article for the shite it seems to be, I wonder who is waking up to the fact that the media, all the other media is merely re-quoting what the Washington Post stated and it is absent of all kinds of facts, or they merely didn’t bother putting the facts there. 

The entire Pegasus setting seems like a Wag the Dog approach to whatever these papers want to create and it is optionally a setting (a speculative one) that this is the push from stakeholders who have an issue with the NSO group, all whilst no credible evidence is given to us that there is an actual issue. And in all this the money trail was ignored, I ignored it too, mainly because I was unaware, yet the Verge was aware and they give us “At the time, the costs were reportedly $650,000 to hack 10 iPhone or Android users, or $500,000 to infiltrate five BlackBerry users. Clients could then pay more to target additional users, saving as they spy with bulk discounts: $800,000 for an additional 100 phones, $500,000 for an extra 50 phones” this implies that the cheapest option would be 500 times $800,000, which gives us $400,000,000 that is a whole lot of cash for a lot of people no one cares about. Yes, there are a few alleged targets that makes the pricing worth it, but with the setting I have, there is no way that the 50,000 numbers make sense, oh and before I forget, if this is a list for multiple sources, how many of the numbers doubled up? Too many questions and the media stupidly reprinting what the Washington Post is giving us makes no sense at all, unless you are a stakeholder with anti-Israel sentiments. 

In this Shalev Hulio is right that he is “continuing to dispute that the list of more than 50,000 phone numbers had anything to do with NSO or Pegasus”, I would too and I found a lot of the disputable issues within an hour, I wonder how shortsighted the media was when they decided to reprint what the Washington Post gave them. So whilst the Guardian gives us ‘the global impact of the Pegasus project’, I merely see a storm in a teacup, because the issues in the Washington Post were never decently vetted on a few levels and that is likely the biggest failing of the media at present. It is merely my point of view and I am happy to state that I could be wrong, but the lack of credible evidence, all whilst the media has a declining level of credibility makes my view the most likely correct one, most likely, because I have not seen the evidence, but as you read the articles, that are all about details, lacking generic evidence, how would you see it?

2 Comments

Filed under IT, Media, Military, Politics, Science

Tagged as , , , , , , , ,