
Sanity Check

We all need a sanity check at times. There has been a need to regard what we are offered and why certain people seem to try to start to regard fear and misinformation to set people towards the need of greed of some. This is the feeling I get when I look at ‘Brexit: ‘Real risk’ UK could run out of some foods after EU exit, government warned‘ (at http://www.independent.co.uk/news/uk/politics/brexit-latest-food-supplies-shortage-warning-policy-failure-supermarkets-imports-eu-a7844751.html), it starts with the subtitle that gives us “Theresa May accused of ‘serious policy failing on an unprecedented scale’ by academics“. So what matter have they been raiding? Consider the EU nations and how things changed in the late 90’s. Now consider the foods and lives we had in for example the 60’s. We had no shortage of food, we could buy foods and outside of the UK, it was equally easy to buy a bottle of Worcester Lea & Perrins sauce. Some articles were not available (like Tripe), mainly because of the import laws already in place (and we all so loved to eat that in the first place). It was easy to get the Fortnum and Mason’s Christmas plum pudding. The entire exercise to spread fear and misinformation is actually getting to me. I am so sick of the implied creation of intentional chaos. So when you read: “A report from food policy specialists has warned the forthcoming break from Europe will lead to “chaos” unless ministers establish a clear plan on how a new food system will operate“. This reads like it will be the point that some food policy specialists will soon be without a job. Consider the need for sales and exports. Do you think that countries like the Netherlands, Belgium or even France have no export policies in play? These policies have existed for decades. So after Brexit there will be French cheeses and wines, there will be Belgian chocolates and shrimps and there will be fresh vegetables from the Netherlands.
The EU has had close to no influence; it merely seemed to digress towards red tape for the hidden unmentioned need of profitability for large corporations. There will of course be questions in some situations, yet do you think that the exporting corporations will not be ready for that? So when you read ‘without provisions in place‘, we see levels of fear mongering from people who are pushed by other people who are shy of the limelight, because we really have no need for those players fattening the invoices wherever they can, the EU gravy train is coming to a partial end and some politicians are getting nervous. All that easy income falling away, all those unwanted costs added to the prices of what people require to import. Yet the dangers of the single market are often ignored. In a single market may struggle to survive against their more efficient peers, yet how do we see places like ‘Walmart’ as an efficient peer? In that light we see that those with the approach of what should be regarded as ‘exploitative’ and being way too large, having the option to pressure their costs and buying at near 0% margin for the manufacturer has no benefit to competition, it merely makes the owners of Walmart rich fast, whilst there is no place for any number two players. That is the opposite side in all this, a side that the EU has been intentionally silent on for way too long.

The article refers to a paper which can be found (at http://www.sussex.ac.uk/spru/newsandevents/2017/publications/food-brexit), the added PDF in there gives us “Set new clear targets for UK food security (food supply, quality, health and consumption) which go beyond mere quantity of supply by addressing ecosystems and social systems resilience“, this sounds important, yet in all this my question towards Tim Lang, Erik Millstone & Terry Marsden becomes ‘When was the last time you ate an equine burger?‘, the UK was part of this so called EU food security, and as such the professors from the Universities of Cardiff, London and Sussex might have forgotten about those 2013 events, where Tesco had 27 beef burger products laced with horses and pigs.

Also consider the quote “In the EU, UK consumers and public health have benefited from EU-wide safety standards, without which there will be a risk of the UK having less safe and nutritious products“, we could argue that with 100,000 angioplasty events per year, that issue is a non-issue at present already, yet as it is hard to get any clear EU statistics (read: could not get any reliable figures) there is no quality view to get at present. In all this, when I see certain events mentioned, it is almost like there is a hidden P&G (read: Procter & Gamble) logo behind all this. That is a purely personal and speculative view! In addition, as I write in opposition of certain points, this is an academic paper, it gives us clear sources and we can disagree with the view of these three professors, there is the issue that their view remains a valid view.

This gets us to two parts that mention the issues that we are going towards, in my view it is a view that should have been adjusted for at least 5 years ago, Brexit might be an element, but it is not the cause and after Brexit these systems have never been adjusted, there is merely the identification that the government in general should have started to make adjustments a long time ago. The quotes “The current food policy community is fragmented and divided. There is an urgent need for a more collaborative policy platform to be created involving all the main players. If the government fails to do this, others will need to take the initiative“, as well as “Meanwhile the NHS is becoming increasingly bankrupted, not least because of the growth of an aging population suffering a dietary-health epidemic; the critical significance of the food system needs highlighting in these debates“, it is interesting that I recognised this several days ago as a hindering issue for the NHS.


There is one part that the paper definitely gets right (read: it actually gets a lot more right). It is seen on page 14 with “These aspirations and policy principles should be incorporated in the new food legislation, which Food Brexit will entail. An estimated 4,000+ pieces of regulation and law are EU based“, this is one side that truly matters. The question becomes: ‘Is it merely ‘new legislation‘ or comparing the EU legislation against that legislation that was in play?’ and as such decide on the path of adjusting the original legislation, or create new legislation. This is something that should have been discussed in the House of Lords at the very least. It seems that not only it has not happened; there is no indication at present that this will happen any day soon at present, which is odd to say the least, it is not like the entire Brexit issue dropped out of the sky last night.

Still, even as the paper is valid and valuable, it is my view that the Independent is too much about fear mongering. When we see “Even a “soft” departure from Europe, in which the UK will remain in the single market or customs union, could badly affect the food and farming industries, they add“, so even if the UK remains in a single market, there are still dangers? If that is so, what the bloody use is a single market?

Another issue (as I personally see it) is seen in “The report, which is based on more than 200 sources, continues: “Prices, which are already rising and likely to rise more, will become more volatile, especially harming poor consumers.”“, in the first, prices have always been rising and that is not likely to ever change. The cost of living has been under attack in the UK for the better part of a decade. If you are not a well off banker, or some hedge funds investor, it is extremely likely that your quality of life has been stagnant. It does not matter whether you are a cashier, a barrister or a doctor; your quality of life has been declining for the longest time. It is merely the amount of quality of life lost that differs between the three groups. In the second, volatility has been equally an issue for the longest time. If that was not the case, the mere need for equine burger was never an issue. The EU at large has been under ‘profit scrutiny‘, which just emphasises the need for better food security all over Europe, a factor the EU failed since decently before 2013. In all this another article requires the limelight. With “It cites recent research by the British Retail Consortium that the absence of a trade deal could push the price of imported food up by 22%“, the question becomes, what (and where) are these numbers based on? The article (at http://www.independent.co.uk/news/uk/home-news/christmas-dinner-price-rises-by-14-per-cent-a7453591.html), is as speculative as the evidence that the photographed Turkey tasted nice. We just do not know. With “In October, the British Retail Consortium warned shoppers could face higher prices if the Government failed to strike the right Brexit deal with the EU” as well as “the UK could be forced to use World Trade Organisation (WTO) rules, which could cause the price of meat to rise by as much as 27 per cent“. 
In these two quotes the operative word is ‘COULD‘, none can give any evidence on the amount it raises (or if it rises at all); it is from my point of view with the emphasis of ‘merely fear mongering’. In the end, none of them acknowledge that the UK is a willing market with 68 million consumers. Show me one salesperson who would willingly walk away from such a large group of consumers and I will introduce you to a liar. All the fear mongering we see, and in the end we see a collection of large corporations like Mars and Coca-Cola that will accept the impact on their margins as they are trying to avoid a total loss of bonuses for a much longer period of time.

I will add the paper at the end in this article, because whether I agree or not to some extent, it is a good and proper academic piece and even as we might consider elements in different light, the paper does show clear indications that there are issues that require addressing and there are also issues that should have started to be addressed several years ago. There is a policy failure to some extent in some way and in a much larger way in other views of focus. The academic paper is not in question; the method of fear mongering that the Independent is playing with is a much larger issue that should be taken a look at.

So as the Independent is fear mongering food issues and the Guardian tells us ‘Britain ‘will be less safe’ without access to EU crime databases – peers‘, yet because before the Schengen mess there was no Interpol or information available, we need to realise that some things will require adjustment, that was never ever in question and in all this the events are not due for 20 months. Now, we can all agree that things need doing, yet has anyone considered that some of these current systems will be obsolete before the 20 months deadline (read: some already are to some degree)? The EU has no firm handle on data automation (as per collecting), or the impact that 5G will give to the data stream, none of the systems will be ready before the change and some will not even be ready then. It was only yesterday when I found it essential to message Ben Wallace MP that his ‘Accelerator Open Call for Innovation‘ is missing an encryption topic in the data challenge (at https://www.gov.uk/government/publications/defence-and-security-accelerator-enduring-challenge/accelerator-enduring-challenge), in this age of Ransomware and security flaws, the entire encryption challenge will be a huge one, as more cloud data is no longer safe in either data in transit or at rest, any security assessment system would require new levels of encryption. This is not merely my view, when we look at the works of Arjen Lenstra, a cryptology professor at the Ecole Polytechnique Fédérale de Lausanne (EPFL) in Switzerland, says the distributed computation project, conducted over 11 months, achieved the equivalent in difficulty of cracking a 700-bit RSA encryption key, so it doesn’t mean transactions are at risk and his 2007 article passed the deadline 5 years ago. Even now the larger military contractors like Thales are seeing Big-Data Encryption as one of today’s challenges, so how important would it be in let’s say 3-4 years?

So as we see food fears and so called ‘security‘ data issues, we see that some of the players haven’t even considered including the elements of encryption in some areas. The reason for that view is that encryption is not merely about adding some code, or encoding all data, it is a system of checks and balances, where recovery of corrupted data becomes increasingly important. For those not in the know (which is very valid) there was a virus decades ago called the DBase-virus, it came from the 90’s and decided to corrupt all the data in a DBase database. The clever part was that as long as the virus was there, the user did not know, the moment it was cleaned out, all the data was instantly corrupt, the virus was a cypher and decipher part. In these days of Ransomware, such systems require additional elements and they end up being part of the core, not merely an added element in the core, so when the paper gave me “data – cyber, information, big data, management and processing, sense making, visualisation, delivery, interoperability” as an element, whilst encryption was not part of it, whilst there were other topics like mobility and situational awareness (sensors and surveillance). It seemed to me that the crypto element was not just important, it will be vital and in that field a little innovation goes a very long way. Yet beyond all that, with larger computers and ever-growing large high-speed mobility, the need and application of encryption equally changes, so when we see the need for some European adjustment, we need to realise that not merely the policies are overdue plenty of revisions, in all this, Brexit or not, with the near daily events of data losses, we need to seriously contain certain dangers.

So how off topic did I go?

From merely the food part quite a bit (seemingly), yet in all this, the policies and the data issues are connected. If we accept that some of these policies are all depending on the Department for Environment, Food & Rural Affairs (DEFRA), we see that the objectives, indicators of progress, the achievements and action points are also data driven (at https://www.nao.org.uk/wp-content/uploads/2016/10/Departmental-overview-2015-16-Department-Environment-Food-and-Rural-Affairs.pdf), now data will be at the centre of pretty much every part of life, yet from the paper that the three food boffins bring us (namely Lang, Millstone & Marsden), it will not merely be a more dire need in reactive, there is an increasing view that the view needs to be transposed towards a proactive situation. The elements in that paper on Spending reduction (page 10) and workforce capability (page 13) imply that these two will impact the entire CAP (Common Agricultural Policy) in several ways, so to not go towards the fear mongering as the Independent implied with its 27% price rise, a proactive system that could counter or at least limit these events to a certain degree. The need has always been there, but the EU has a gravy train driven red tape factory (as I personally see it) and as such too little forward momentum is seen and the UK parliament has been forever waiting for the EU to start something so they could be seen as a limited forward momentum party as well. So now is the perfect time to get something actual in place, but to rely on data that could be ‘mismanaged‘ by those trying to thwart the machine requires a much better digital transformation plan as well as a much better digital security and footprint approach, one that has clear boundaries of non-repudiation. Many of these elements are either not mentioned, or ignored.

And here is the great part, I am not fear mongering, I am merely saying that things require attention and doing and there are still 20 months, yet doing something immediate is equally dangerous as 5G will impact on a global scale, so having proper preparations and having a system that is not set in stone, but one with certain levels of flexibility and options of evolution is much more important, so that we avoid having a massive invoice that requires paying it twice (or even thrice).

If there is one element of the entire Food report that I had an issue with then it must be ‘12. Keeping a close eye on our EU neighbours: it takes (at least) two to tango‘, there is nothing wrong with what is written, yet what I voiced earlier, the need to sell to the UK is partially ignored and the second partner in that tango is the provider of goods. The 5 scenarios read perfectly fine, yet they are all so based on the premise of the UK being the needy one, we forget that there are 27 nations all vying to get a leg up on the option to sell to 68 million consumers, it seems that the part is not that emphasised. In the end there needs to be a level of balance, yet I feel certain that once Poland is playing hard to get with the UK, I feel certain that Spain will jump up at the chance to get this market. It will not always be a balanced battle, but the UK has options and the newspapers at large have been overly silent on this part, which is why I am upset with the entire fear mongering thing. There was never an issue with being alert, but the papers at large have been completely negative again and again, focussing on the negative ‘could’ and ignoring the positive possibilities. In all this, I still personally believe that the largest players are all about the Status Quo as they have it and in that the one part that Nigel Farage got right, if this gives an option for the local smaller players to get an actual slice of the exploited market we might actually get some level of economy growing and in that, at the end the United Kingdom becomes an economic growth winner.

I think it is a mere sanity check that we try to get a level of alignment on the jobs that need to get going on and as such get a grip of what becomes a possibility, in that the ‘A Food Brexit: time to get real‘ report gives us a handle on what needs to be realised, but at times, although the report gives a really good view, as stated, my issue remains to some degree too much about the page 15 mention of; “UK ministers have failed to explain from where they expect the UK to import its food“, whilst in equality, the optional question “Which quality provider of foods is ready and willing to export to the UK?”

In a world where export is essential to any government, is it not interesting that we do not see the latter version in the media, in a situation that amounts to pretty much the exact same premise?

A Food Brexit: time to get real

Departmental Overview 2015-16



Filed under Finance, IT, Law, Media, Politics, Science

Oh La L’argent

Reuters is giving us the news yesterday that there is trouble brewing in France. The article titled ‘France’s Macron says defense chief has no choice but to agree with him: JDD‘ (at https://www.reuters.com/article/us-france-defence-idUSKBN1A00TE). The best way to trivialise this is by going on the fact that the world’s 6th most spending nation on defence is cutting the defence of France back by almost a billion. Now, for the number one and two spenders in this field, that is a laughable amount. In the national terms it is a little below 2% of that total budget. In light of the UK NHS and other players needing to trim the fat and handover a pound of beef that amount is equally laughably low, yet for France? The article gives us in addition ““If something opposes the military chief of staff and the president, the military chief of staff goes,” Macron, who as president is also the commander-in-chief of the armed forces, told Le Journal du Dimanche (JDD)“, we can see this as hard talk and a kind warning to any opposition, or we can accept that this former financial advisor is setting up the board. He is placing certain pieces in reflection of the events coming in 2018. I wonder if it is merely about defence spending. Even as we see the other quote “General Pierre de Villiers reportedly told a parliament committee he would not let the government ‘fuck with’ him on spending cuts“, the questions are rising on two fronts, fronts that are not them by the way. 
You see, when we see another source (at http://www.iiss.org/en/militarybalanceblog/blogsections/2017-edcc/july-c5e6/franco-german-cooperation-1efd), we see ‘Can Franco-German cooperation deliver a new European defence?‘, yet the question is not merely the side that matters, it is the quote “German Chancellor Angela Merkel has committed her government to meeting the symbolic 2% defence-spending threshold” as well as “Germany remains far off the 2% spending mark – it is projected to spend 1.2% of GDP on defence in 2017 – and the Chancellor’s main opponent in this September’s federal election, Martin Schulz, has poured cold water on Germany’s commitment to that goal“, this is where the cookie starts to crumble. Is there a consideration that France is cutting costs, to remain on par with Germany, mainly because that would simplify a European Army where the ‘pound’ of all power is based on France and Germany? It works for President Macron, because at that point he could spend it somewhere else, in some form of local Quantitative Easing (read: funding economy projects) as well as highly needed infrastructure overhauls. Although, 1 billion will not get this too far, but overall one or two larger issues could be resolved to a better degree, depending on whether he goes for roads or waterworks as a first priority. In all this there is a second issue, which is the combined design of a new 5th generation fighter jet, which will impact both Germany’s and France’s defence spending a lot more than anything else.

So as General Pierre de Villiers is contemplating the impact of 2% less, whilst a new jet is on the design table and 2018 will become the year of whatever EU army is up for initial presentation, the amounting costs of that infrastructure change, the General is confronted not with a president, but with a former investment banker that relies on Excel and predictive analytics to set the possible options of a virtual reality against a person who deals in real time events, idle time strategy impacts and a need towards an affirmation of hierarchy whilst having a complete operational army. In all this there is no telling when France gets attacked next and for that the DGSE will need 5 high powered computers with access to a cloud system. With a new encryption that surpasses the current 1024-bit RSA encryption that is used. So yes, that is also going to cost a bundle.

This is not just ‘all about the money’, you see, the IISS article seems to give rise to the Nuclear planning part, but that is not the actual issue that will play. As in any war and any intelligence operation, it will be about the data and intelligence that is acted on, and whilst there is data going back to 2007, that the growing issues becomes a shifting one. With: “Arjen Lenstra, a cryptology professor at the Ecole Polytechnique Fédérale de Lausanne (EPFL) in Switzerland, says the distributed computation project, conducted over 11 months, achieved the equivalent in difficulty of cracking a 700-bit RSA encryption key, so it doesn’t mean transactions are at risk — yet“, the growing deadline was set to roughly 5 years, with the growth of Ransomware and other criminal cyber solutions, we have gone past the deadline of 2012 and as such, there is now a growing need for matters a lot more secure. When we consider the added quote: “the University of Bonn and Nippon Telegraph and Telephone in Japan, researchers factored a 307-digit number into two prime numbers“, this might be a breakthrough in some ways, yet it still took 11 months to get to the solution, with other solutions like distributed calculating (example the famous Seti@Home program) and the cloud, as well as the fact that the bulk of PC users leave their computers on and way too unsecured, we are facing a combination that could spell cyber disaster. Just consider all those kids working their DDOS attack games. What happens when the computer is not aware because it is no longer attacking places (that can actually register these events), but just silently mulling over data? The person is asleep or at work, now we get that shared options gives us for example 50,000 calculators, changing an 11 month gig into a mere 10 minute job.
Now, there is no precedent for this, yet the amount of people that have an infuriating lack of common cyber sense is still way too high (well over 75% too high), so getting to 50,000 computers silently is not the greatest task. It had been made easier by the Microsoft security flaws all over the place and the users not being adamant in upgrading their system when needed, as well as the need from Microsoft to keep on pushing some version of blue (read: Azure), my speculation is not that far away, moreover, it could actually already slowly be in use in one way or another (read: extremely speculative suggestion).

Yet, the gist must be clear, the governments, pretty much all over Europe are due a large overhaul of data collectors and data storage systems. Even as we see on how Russia and the US are so called collaborating on quantum computing, those who comprehend the technology will know that whoever has that technology would be able to gain access to any data, it is like you using a PC XT, whilst others are all about the Pentium 2, the difference will be that severe.

Yet, this was about France (read: actually it is not). The issue is not just the small disagreement that was going on between two important players within a Western European nation; the fact that it was on a subject and amount that is not that drastic, but Reuters is going with it on the front of its pages. In all this France is also getting the forefront of visibility trying to become the facilitator for the Qatar, which comes with the added danger that France will become more of a target for extremists because of it. Not a given, but it is more likely than not that there is a danger that this will happen.

On the coming year, we see that it will be all about the money, that has always been a given, so it is just telling people that there is water coming out of a water tap, yet it will be growing in the coming year as several nations have overly neglected infrastructures and there is a decent prediction that some part will have to give in, which will require additional budgets. France and Belgium are taking the top ratings on the need to improve their roads and as some roads have been neglected for too long, the road repairs bill could become exceedingly large for those two players. As such, the total debt of France will take a rising hit (one part that France cannot really afford at present) and Belgium would be in a similar predicament. These are the additional elements that President Macron will need to deal with.

Does that not make defence cuts more important?

Well, that is one way to look at it, which is a valid one, yet the rising projects and the growing chance of a European Army start would give rise to either more spending needs in the French defence budget or the French Ministry of Defence could end up having to deal with additional pressure points soon thereafter, in this other nations (including the UK) have similar complexities to deal with.

Why the reference to France?

Well, that will become a little more obvious in about a moment, yet it was important to show that the cost cutting on Defence in France is a first mistake (read: blunder) by President Macron.

The article ‘Government offers £2m for scientific research into counter-terrorism‘ (at https://www.theguardian.com/uk-news/2017/jul/17/government-offers-2m-for-scientific-research-into-counter-terrorism), is showing us a first step in regards to solve possible extremist behavioural issues. In my personal view it is a competition that Israel could win hands down as they have been employing certain parts of that with success at Ben Gurion Airport and other places for close to a decade. Yet, doing it in some automated way through data gathering is a new side to that and here is where all the hardware and DGSE comes into play, or in the UK terms, this is where GCHQ could be starting to earn the big bucks (read: £). The quote “The threat from terror does not stand still, so neither will we, which is why we are calling on the best and the brightest from the science and technology sector to come forward with their ideas and proposals to support our ongoing work to keep people safe” is the one that matters, yet overall, even beyond the £2M price, the costs will be decently staggering. You see, this is no longer about intelligence dissemination; it will become the field of real time parsing, gathering and analysing. Yes, the sequence is correct! You see, it requires the analysis of gathered information, parsing new data and overlaying the results, all that in real time. So as I stated earlier by relating this to Paris (and the attacks), it is the applied use of General Pierre de Villiers with the added parsed intelligence in real time. For the non-military trained people, it is like watching a Command and Conquer videogame, yet now seeing the entire map and knowing how the opposition is moving next, whilst in reality you are not seeing the map at all. Look at it as a version of blind chess, Hi-Octane style.
Now consider that this is happening in real time at this very moment in London, with all the information of CCTV, facial recognition and back tracking the first attack and then back tracking the faces where it happened, seeing where they came from and seeing how the next event would likely happen and how soon. The computational power would be close to unimaginably large. So when you see ““In light of the horrific attacks in London and Manchester, the government has committed to review its counter-terror strategy,” Wallace will say. “Further to this I am announcing today that we are making up to £2m available to fund research into cutting-edge technology and behavioural science projects designed to keep people safe in crowds.”” we need to consider not just doing that, yet as I stated encryption, it will also require the collected data to remain safe, because the first one to have the manpower and the skill to hit not just in extremist ways with weapons, yet to hit their opponent with a cyber-assault to corrupt the initial data, will not merely have the advantage, it could cripple that forecasting system, implying that crowds will suddenly no longer be safe when an actual attack occurred.

So when we consider “Counter-terror agencies are running 500 investigations involving 3,000 individuals at any one time as they confront an unprecedented threat“, we aren’t being told the entire story. You see, it is not just that, in a crowd event, there would be the need to be able to scan 50,000 people and be able to flag as many and as fast as possible those who are not a threat. To teach a system where to look is one way, where not to look and what to overlook is equally a required skill. To do this in real time, requires loads of data and might not be entirely feasible until quantum computing is a realistic option. When someone tells you that 50,000 people can be easily scanned, we could concur, yet when every person needs to be checked against 200 sources? Consider the lone wolf (or wannabe extremist). Having an initial harmless person in the crowd is one thing, having one that came all the way from Grantham, whilst there is no data that this person has ever attended such an event becomes an issue, now correlate that against the event (like a concert, a humanitarian event or a political rally), how often has this person attended? It might be the first time, which does not make that person a worry, merely a flag that it is out of character. So how many people would have a similar flag setting? Now you get to see the need of existing gathered data, which gives a rise to knowing those who are merely vested interest people, and optional worries. When you consider that it could require 100 additional flags that give rise to danger, you will now see the need for the computing power required. So how has Israel been successful? Well, they have observers, people who see people walk by, their stance, and their actions, how they look around, levels of nervousness, the way they walk, the luggage they have.
The human brain is the most powerful computer there is, the eyes are camera’s that can see more detailed in 3D than nearly any given camera on the market and those persons can read the people walking by. I believe that there is a future where devices can do similar things because they can look different (read: infra-red), not better.

I think that the approach by Ben Wallace, the security minister, is brilliant. He is opening the doors towards out of the box thinking and perhaps set a new stage of technology. There will always be people outside the government who are more brilliant than those within, he is merely inviting them to cast the stone of innovation, I reckon that in light of the technology changes we will see in the next 2 years, the timing is great, time will tell us whether the solutions were real ones too. At least the ball has started to roll and in light of the cut backs by France, the United Kingdom could have a technological advantage that might be a long term solution all others want, which is great too for several reasons of economic growth, which keeps the commercial solution providers interested.




Filed under Finance, IT, Military, Politics, Science

In light of the evidence

We tend to accept facts and given situations whenever we have a reliable source and a decent level of evidence. The interesting side is that howling to the moon like a group of sheep hoping the lone wolf will not hear them is an equally weird revelation. The question becomes at that point, who is the lone wolf and who are the sheep, because neither position nor identity is a given. Now, for the first part, we have the Guardian article (at https://www.theguardian.com/politics/2017/may/27/eu-theresa-may-combat-terror-brexit-europol), with the expected title ‘We need deal with the EU to combat terror, experts tell Theresa May‘, which of course gets them the DGSE, yet the usefulness of the rest becomes a bit of an issue. For this part we need to look somewhere else, and we will do that after the given quote in the mentioned article “Although our partnership with the US for intelligence sharing is extremely important, the fact is that the current terrorist threat is very much a European dimension issue. The Schengen database and knowing about who has moved where are all intimately dependent on European systems and we have got to try to remain in them“. This could be a valid and valued statement, yet is that truly the case? For this we need to take a little gander to another place of intelligence and Intel interest. The Cyber monkeys, or is that the cyber-mercenaries? The difference is merely a moment when you WannaCry 1.4. You will have heard, or perhaps read regarding the NHS as it was struck, here again we see: “However, it instead appears to be down to organisations and individuals failing to run keep Windows up to date“, which was actually voiced by NHS Digital, the failure of policies as they were not adhered to by IT staff, or at least those responsible for keeping those PCs up to date with patches.
The second quote given much earlier in the IT article is ““To be abundantly clear, the recent speculation concerning WannaCry attributes the malware to the Lazarus Group, not to North Korea, and even those connections are premature and not wholly convincing,” wrote James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT)“, which is where I have been all along. The one nation that has less computer and internet innovation than a Nintendo GameCube sets this level of hardship? It is just too whack for thought. It is the quote “At best, WannaCry either borrowed heavily from outdated Lazarus code and failed to change elements, such as calls to C2 servers, or WannaCry was a side campaign of a minuscule subcontractor or group within the massive cybercriminal Lazarus APT” that changes the game. In addition we see: “The publication referred to “digital crumbs” that the cyber security firm had traced to previous attacks widely attributed to North Korea, like the Sony Pictures hack in late 2014″, we will exclude the quote “Shadow health secretary Jon Ashworth has said Labour would invest an extra £5 billion into new IT infrastructure for the NHS, after hospitals and services were affected by the widespread Ransomware attack on Friday“, especially as Labour had in the previous government wasted £11.2 billion on an IT system that never worked, so keeping them away from it all seems to be an essential first.

The issue is now in several phases. Who got hit (those not updating their systems). It affected according to some sources thousands of systems, yet when it comes to backtracking to a point of origin, the Cyber Intelligence groups remain unclear. The IT article (at http://www.itpro.co.uk/security/28648/nhs-ransomware-north-korea-may-not-be-behind-wannacry), gives us a few things, yet the clear reference to the Guardians of Peace, the identity the hackers had given themselves in the Sony event gives a few additional worries. Either this is clearly a mercenary group without identity, or we have a common new issue on identity when it comes to Cyber criminals. You see, as we see more and more proclaiming the links between the Lazarus group and North Korea, we do not get to see a clear link of evidence. Many sources give us ‘could be linked‘, or ‘highly likely‘, which is an issue. It makes the evidence too shallow and circumstantial. The NY Times gives us (at https://www.nytimes.com/2017/05/22/technology/north-korea-ransomware-attack.html) yet they are basically stating what Symantec gave us and mention that. My issue here is “But the hackers left behind a trail of digital crumbs that Mr Chien and his colleagues had traced to previous attacks by the Lazarus Group“, what if the crumbs were an intentional side? You see, the quote “another group of hackers that call themselves the Shadow Brokers published the details of National Security Agency hacking tools that the WannaCry hackers were able to use to add muscle to their attacks” gives a different light. The fact that there is a team reengineering tools and flaws to get somewhere fast is one. We have seen the lack of actual cyberpower of North Korea in the past, the fact that they are regarded on the same level as Chinese Cyber forces is a bit silly.
You see, any country has its own level of savants, yet the fact that North Korea, a nation as isolated as it is, gets to be on par with China, an actual superpower that has Cyber infrastructures, experts at the University of Shanghai (the white paper on cracking AES-256, 2001), as well as a growing IT technology base is just a little too whack.

This now reflects back to the European need of Schengen. The UK needs quality intelligence and with the US breaches of Manchester, the fact that no high quality evidence was ever given regarding the Sony Hack, the growing source of all kinds of hacker names and no validity or confirmable way to identify these groups leaves us with a mess that pretty much anyone could have done this. In light of the NSA flaw finders, there is now more evidence in the open giving the speculative hacker as one with skills that equal and surpass people graduating with high honours at MIT, than anything North Korea could produce. It does not put North Korea in the clear (well the fact that the generals there had no comprehension of a smartphone should be regarded as such), and as we see the entire Bitcoin go forward, we need to take more critical looks at the given evidence and who is giving that evidence. We all agree that places like Symantec and Kaspersky should be highly regarded, yet I get the feeling that their own interns know more about hacking than the sum of the population of all North Koreans do, which is saying a lot. We see supportive evidence in the Business Insider (at http://www.businessinsider.com/wannacry-ransomware-attack-oddities-2017-5). Here we see IBM with “IBM Security’s Caleb Barlow, researchers are still unsure exactly how the malware spread in the first place. Most cybersecurity companies have blamed phishing emails — messages containing malicious attachments or links to files — that download the ransomware. That’s how most ransomware finds its way onto victims’ computers. The problem in the WannaCry case is that despite digging through the company’s database of more than 1 billion emails dating back to March 1, Barlow’s team could find none linked to the attack“, one billion emails! That is what we call actual evidence and here IBM is claiming that the issue of HOW the malware spread remains a mystery.
Now, can you see that the entire North Korean issue is out of touch with the reality of Common Cyber Sense and Actual Cyber Security? Two elements, both are essential in all this. It is the lack of actual evidence that seems to be the issue, giving us the question, who wants the North Korea issue propagated? Any answer here is more likely to be political than anything else, which now gives us additional questions on where for Pete’s sake the need of European Intelligence remains as they fall short of providing answers. In light of the Schengen database. Why would that not be shared? If the US has access as a non-European, non-EC nation, why would the UK, a clear European nation be barred from access? With all the flawed acts by the US, having actual professionals look at Schengen data, seems to be an elemental first, would you not agree?

An additional question would be on how these Bitcoins would be cashed, it is not like an isolated nation like North Korea ever had a flying business in Bitcoins in the first place. It is actually (yes, I am shocked too), that quality information comes from PwC. In this case Marin Ivezic, a cyber-security partner. He gives us “EternalBlue (the hacking tool) has now demonstrated the ROI (return on investment) of the right sort of worm and this will become the focus of research for cybercriminals“, which would be a clear focus for veteran cyber criminals, yet the entire re-engineering foundation gives another slice of circumstantial evidence that moves us actually away from North Korea. So in this we have two elements. As the FBI and CIA have been all about pointing towards North Korea, the question becomes, where do they not want us to look and whatever else do they not have a handle on? These points are essential because we are shown an elemental flaw in Intelligence. When the source is no longer reliable, why would they be around in the first place? We can agree that governments do not have the goods on Cyber criminals, because getting anything of decent value, tends to require inside knowledge, which is the hardest to get in any case, especially with a group as paranoid as cyber criminals. The second side is that China and Russia were on the list as one of the few abled parties to get through Sony, yet Russia has fallen off the map completely in the last case, that whilst they are actually strengthening ties with North Korea. That does not make them guilty, yet on the scale required Russia was one of the few with such levels of Cyber skills.
The fact that we see in the NY Times that it is too early to blame North Korea is equally some evidence, it gives vision to the fact that there are too many unknowns and when IBM cannot give view of any mail that propagated the worm, gives additional consideration that there are other places who cannot claim or show correctly how the worm got started, which is now an additional concern for anyone altering the work for additional harm. As the point of infection is not known, stopping the infection becomes increasingly difficult, any GP can tell you that side of the virus. There is one more side I would like to raise. This comes from a source (at http://securityaffairs.co/wordpress/59458/breaking-news/wannacry-linguistic-analysis.html), it is not a journalistic source, or a verified source, so please take consideration that this news could be correct. It is however compelling. The quote ““The text uses certain terms that further narrow down a geographic location. One term, “礼拜” for “week,” is more common in South China, Hong Kong, Taiwan, or Singapore. The other “杀毒软件” for “anti-virus” is more common in the Chinese mainland.” Continues the analysis “Perhaps most compelling, the Chinese note contains substantial content not present in any other version of the note, is lengthier, and differs slightly in format.” The English note of the ransomware appears well written, but it contains a major grammar mistake that suggests its author is either not a native speaker or possibly someone poorly educated“, that would make sense, yet how was that source acquired?

The second quote: ““Given these facts, it is possible that Chinese is the author(s)’ native tongue, though other languages cannot be ruled out,” Flashpoint concluded. “It is also possible that the malware author(s)’ intentionally used a machine translation of their native tongue to mask their identity. It is worth noting that characteristics marking the Chinese note as authentic are subtle. It is thus possible, though unlikely, that they were intentionally included to mislead.” The Flashpoint analysis suggests attackers may have used the Lazarus code as a false flag to deceive investigators, a second scenario sees North Korean APT recruiting freelance Chinese hackers to conduct the campaign” gives us a few elements, the element of misdirection, which I had noted on from other sources and the element that North Korea is still a consideration, yet only if this comes from a freelance hacker, or someone trying to get into the good graces of Pyongyang, both options are not out of the question as the lack of Cyber skills in North Korea is a little too well set from all kinds of sources. The writer Pierluigi Paganini is a Cyber professional. Now even as Symantec’s Eric Chien is from California, did they not have access to this part and did no one else correctly pick up on this? As I stated, I cannot vouch for the original source, but as I had questions before, I have a few additional questions now. So, exactly how needed is European Intelligence for the UK? I think that data should be shared within reason. The question becomes, how is Schengen data not shared between governments? The Guardian gives us “After the Manchester attack, which killed 22 people and left dozens of others grievously injured, it was revealed that suicide bomber Salman Abedi had travelled back to England from Libya via Turkey and Dusseldorf four days before the attack“, so how reliable is Turkish intelligence in the first place? How could he have prepared the bomb and get the ingredients in 4 days? 
There is an additional view on ISIS support active in the UK, yet as we now see that this drew attention to him, why on earth was the trip made? Also, was Libya or Mecca the starting point (source: claim from the father in earlier Guardian article)? How would sharing have resolved this?

Now look at this in light of the US leaks and the Cyber Intelligence of a dubious nature. There is a growing concern that the larger players NSA, DGSE, GCHQ have flaws of their own to deal with. As they are relying more and more on industry experts, whilst there is a lack of clear communication and reliable intelligence from such sources, the thoughts now become that the foundation of fighting terror is created by having a quality intelligence system that recognises the need for Cyber expertise is becoming an increasing issue for the intelligence branch. Should you wonder than, then reconsider the quote: ‘demonstrated the ROI (return on investment) of the right sort of worm and this will become the focus of research for cybercriminals‘, if you think that cyber jihadists are not considering the chaos that they could create with this, then think again.  They will use any tool to create chaos and to inflict financial and structural damage. They might not have the skills, yet if there is any reliable truth to the fact that the Lazarus group is in fact a mercenary outfit, there would be enough critical danger that they will seek each other out, that is providing that ISIS could bring cash to that table. I have no way of telling how reliable or how certain such a union could be. What is a known is that Sir Hugh Orde is not answering questions, he is creating them, as I personally see it. The quote “UK membership of EU bodies such as Europol and Eurojust, which brokers judicial co-operation in criminal cases, not only allowed access to huge amounts of vital data, but also meant UK police could set up joint inquiries with German police or those from other national forces without delay“. You see, the UK remains part of Europe and Interpol existed before the EC, so as we now see the virtual creation of red tape, the question becomes why the EU has changed rules and regulations to the degree that the UK would fall out of the boat. 
Is it not weird that the EU is now showing to be an organisation of exclusion? Even if we laugh on the ridiculous promises that Corbyn is making, just to be counted shows that there is a larger problem in place. Why is there suddenly a need for 1,000 more intelligence staff? Can we not see that the current situation is causing more issues than it resolves? As such, is throwing money and staff on a non-viable situation nothing less than creating additional worries?

The last part is seen in “The Schengen database and knowing about who has moved where are all intimately dependent on European systems and we have got to try to remain in them“, yet this does require all players to enter the data accurately, in addition, that only applies to people entering Schengen, yet as has been shown in the past, after that getting locations on people is becoming an increasingly difficult problem. The fact that after the Paris attacks, some people of interest were found to be in Belgium is one side, the fact that these people could have met up with all kinds of contacts on the road is another entirely. The truth is that the intelligence branch has no way of keeping track in such details. In addition we have seen that the list of people of interest is growing way beyond normal means and organising such data streams and finding new ways not just to find the guilty, but to decrease the list by excluding the innocent is growing in complexity on a nearly daily basis. And that is before the cyber mess is added to the cauldron of nutrition. There is at least a small upside, as the technology stream will soon be more and more about non-repudiation, there will be additional sources of information that adds the branches by pruning the list of people of interest. The extent of pruning is not a given and time will tell how this is resolved.

It all affects the evidence that the parties hold and how it is applied, it remains a matter of time and the proper application of intelligence.



Filed under Finance, IT, Law, Media, Military, Politics, Science

Where to focus?

This is an issue on the best of days, we are overwhelmed with information, real news, fake news and of course the Direct marketing waves that hit our internet eyes nearly 24:7. The internet is no longer some child, it is a grown adult and adults tend to lack a certain sense of humour, well the adult eyes of the beholder that is. Yet, what matters to us? When we move beyond the job that feeds you, the partner that … you and the family that gives you (usually) strength. When these things are dealt with, what matters next?

The fearful will look at North Korea, on how they are a threat and when we look at the Washington Post, a very respectable paper we see (at https://www.washingtonpost.com/opinions/the-north-korean-nuclear-threat-is-very-real-time-to-start-treating-it-that-way/2017/05/18/d60cbeec-39a4-11e7-8854-21f359183e8c_story.html) on how the threat is real. Even as we saw two failed launches, and in addition, we have yet to see anything from North Korea to get any missile that far (reaching the US), that an opinion piece states: “Stephen Rademaker, a principal with the Podesta Group, was an assistant secretary of state responsible for arms control and nonproliferation from 2002 to 2006“, so here we see the message, yet the core truth is: “The Podesta Group is a lobbying and public affairs firm based in Washington, D.C.. It was founded in 1988 by brothers John Podesta and Tony Podesta, it can be found at 1001 G Street, NW Suite 1000 W Washington, DC 20001“. Basically it is a marketing firm working a very niche market. Don’t get me wrong. I am not ‘attacking’ them, I would accept a position in such a firm any day of the week. Whether we call them marketeers, government strategy councillors or even diplomatic assistants, they are professionals and I do love working with professionals, especially in an environment I am not fully comprehensive of. You see, when you are out of your waters, most people tend to get to be a little apprehensive. Not me, it invigorates me, whether it is working as a document carrier for Faisal bin Abdullah, or Salman bin Abdulaziz Al Saud, doing work for google (which has been one of the most mentally intoxicating and invigorating environments ever) or merely finding new data solutions, working through data and solving the puzzle I see. So is North Korea a real threat or a perceived one? The safe bet is to see them as a real threat as they have access to Uraninite. You see, the world tends to be a little more complex than that.
Having the stuff is not enough, getting the delivery method working correctly is an entirely different matter. It can be by having people from Pyongyang masked as South Koreans attending international universities in science and engineering would be a first, which is not that far a stretch. I literally (by accident) told this Korean student “Does your family still have that bar in Pyongyang?“, he turned pale and said ‘How did you know that?‘, which was not the response I was going for, but OK, such is life, full of surprises. So as you ponder this, wonder on how China has little or no worry. If North Korea ever actually launches a missile towards America, do you think that the President of the USA would not instantly retaliate (especially the current one), what happens to places like Shenyang (in China), also consider whatever hits the water will make fishing no longer an option for decades, Japan learned that the hard way, so there you have it. In addition, we have seen the North Korea military look at systems like they were magical and those were computers the current European generation laughs at. That can be corroborated by the press as they were on a North Korean press tour a little over a year ago. The ‘minders‘ of those groups had NEVER seen a smart phone. I think that North Korea talks a lot, but for now has no real byte. Now the last part of that the Podesta group is a professional organisation. So was it merely an opinion piece or was the article their business, business they charge for? I will leave you with that thought.

The older American would look at the danger of pensions, which we also see in the Washington Post (at https://www.washingtonpost.com/news/powerpost/wp/2017/05/18/trumps-budget-calls-for-hits-on-federal-employee-retirement-programs), the article ‘Trump’s budget calls for hits on federal employee retirement programs‘ describes on how it impacts. The article is a really good read and gives me the feeling that US retirement plans are an awful mess, with the additional danger that they seem to be running dry slightly too soon, which is what you get with a 20 trillion-dollar debt I reckon. The quote “A preliminary budget document released in March called for a domestic discretionary budget decrease of $54 billion, with an equal increase for defense, homeland security and veterans. Nineteen 19 small agencies would be eliminated, along with their workforces“, the additional “Increasing the FERS employee contribution would result in the average federal employee losing nearly $5,000 per year in take home pay, that’s per year after the phase-in is finished, he estimated. “Phasing this outrageous pension cut in over several years does not make it any more palatable. If this change is made, federal employees will no longer have a secure retirement. Period.”” is even more food for thought. The one equaliser in American business has for the longest time been that those people had a secure retirement, when this is off the table the one part of quiet governmental officials was that there was a long term benefit, with that off the table the environment in government positions will change. Now, we might think that this is not a bad thing, but it will result in chaos, and when we have seen and known that the American infrastructure has no real way to deal with chaos in its ranks, we will see different whirly waves of discontent, a few will leave marks on everyone.
So when we read “The budget proposal President Trump plans to unveil Tuesday would give to federal employees with one hand, while taking away with five others” is an interesting one and I reckon that when the full paper is released this coming Tuesday, the US national papers will give it high visibility, because the United States federal civil service has a total of around 3 million people, which is 1% of the US population, making it decently important to cater to them. Perhaps those trying to sell the change might have been better off talking to the Podesta group first?

For me, the news was not in a newspaper. It was found in a Digital Health article. It re-iterated the issue of ‘urgent change‘ I voiced in my blog yesterday. In there I showed the NHS digital part regarding the Engadget quote “NHS digital had notified staff on patches” which would have diminished the Cyber attack gives us two sides. One, would there have been diminished damage, because that would suffice as evidence. Yet in Digital health we see: “a small team of developers is recommending the health service reduce its reliance on Microsoft“, which is overall not a bad idea, yet the NHS is too big to just make a shift in policy like that. I would be in favour of a shift towards something a lot safer like Linux, but that requires expertise. Another option is to rely on an android option where the NHS is all about apps, equally optional, but it will require massive amounts of resources on programmers, testers, upgraders and cyber monitoring. All these options require a drastic shift in IT operations. When we accept that in too many places there is no minding the NHS IT store (by not patching) the dangers will increase. As I quoted: “It is also my personal belief that in many cases the person claiming ‘urgent action is needed’ is also the person who wants the ‘victim’ to jump the shark so that they can coin in as large a way as possible“, which is what we see right here in the article. Now consider the quote: “To demonstrate that there is a licence-free alternative, GP Marcus Baw and technologist Rob Dyke have adapted the open source Linux-based Ubuntu operating system specifically for the NHS. They call it NHSbuntu“. So why not just use the foundation called Ubuntu? I cannot judge the intent (noble or not), but consider that technologist Rob Dyke has to pay for rent and so much, where is his interest? Do not get me wrong, we should not just dismiss any idea that might work, yet will it? You see any IT environment needs oversight and maintenance.
The NHS is in no position to make such drastic changes as it is short on basic needs (nurses and doctors), I do agree that the IT needs to be addressed, yet two Labour governments wasted the IT budget of close to 10 years, let’s leave it alone until we can actually address solutions. In this, one additional quote from Beta News. They give us “The report reveals that 12.8 percent of non-Microsoft programs were un-patched in the first quarter of this year“. If patching is so important, and it is, why give voice to 12.8% of additional risk? As stated, I am no Microsoft fan, but it does work in the current NHS environment and if we believe NHS Digital and the trusts do actually patch their stuff, the danger would have been a lot lower. As the evidence is at present, this issue would have been addressed by mere policy and replacing those not adhering to it might be the cheapest and best solution. In all this IT News gives us one more part, the fact that Microsoft is actually releasing a patch for operating systems that are no longer supported is also evidence. I do not see it as merely “to protect the company’s customer ecosystem“, which is a decent answer if you believe that. You see they could have merely told the customers to freely upgrade to Windows 10. I believe that, as they state it “to protect users against NSA-derived ransomware“. I believe that someone has evidence on a Microsoft-NSA cooperation in the beginning of the data snooping age and somehow the makers of the Ransomware (less and less likely to be North Korean) got access to the information needed. I reckon that anyone upgrading will be removing the digital evidence on their computers of that event. If you doubt me, consider the quote in that same article “Current versions of WannaCrypt use two exploits leaked by the ShadowBrokers hackers, who gained access to systems at The Equation Group, which is linked to the United States NSA, last year“, if that is true, how did North Korea get this?
If they are good enough to be allegedly part of the NSA (source: Kaspersky), how come that the bulk of the cyber intelligence world has no knowledge of North Korea being such a threat against a player like that? It does not matter how it got out. Whether it was a disgruntled ex-employee. Some hacker that got sucked and suckered by a honey trap, there are enough options nowadays. The reality is that somehow the intel got out. It is being addressed and fixed. It does not make the issue go away, it merely tells us that remaining up to date and properly patched was the way to go. Urgently addressing does apply to systems being reasonably up to date, which does mean that there are costs, pushing yourself away from Microsoft (not the worst idea) comes with a cost, one that the NHS cannot afford, no matter how ambitious it seems and they got plenty of that, especially with non-working systems. So, let’s not make that error twice!

So when you wonder where you need to focus, I am merely suggesting that when your private house is in order, consider playing a video game or watch a nice blu-ray. It seems to me that a balanced life is the most important thing you can arrange for yourself, let the circus play its game and decide not to watch every show they offer, in the end it could just be merely Direct Marketing.

Get what you actually need, not what others state you need!



Filed under Finance, IT, Media, Military, Politics, Science