Tag Archives: Robert Hannigan

Want to bet on that?

The Guardian released a story last night; it released something a lot more important than you and I initially considered. You see, it intersects with articles I wrote in 2014, yet until today, and as we recently saw the issues that the Bank of England reported on, I now see a part I never considered, because, unless you are a banker it would not make sense. I admit that from the mere consumer point of view it seems dodgy, even counterproductive to good business. So, I did not consider it, I did not inform you and for that I apologise. The writer of this story did not inform you either, but it was not the focus of her story so Mattha need not apologise at all. Yet what is happening is a lot more important than you and I think and if I grasp back at what I found in 2014, there is every indication that GCHQ is actually aware of the situation, yet they decided to do nothing, endangering the sanity and social security of thousands of Britons, so should they apologise? Should Robert Hannigan, director of GCHQ, apologise? I believe so; he should also get grilled in both houses (Lords and Commons), but that is not for me to decide (life would be so much fun if it was).

So as we are set in this path, let me explain what happened as per last night. Mattha gave us (at https://www.theguardian.com/society/2017/aug/31/gambling-industry-third-party-companies-online-casinos) the issue ‘how gambling industry targets poor people and ex-gamblers‘; the start is already an explosion of questions by itself. With: “The gambling industry is using third-party companies to harvest people’s data, helping bookmakers and online casinos target people on low incomes and those who have stopped gambling, the Guardian can reveal” we need to ask questions, but let me continue and give you a few more parts on these goods. The next items are “The revelations will add to calls for tighter regulation of the gambling industry more action to address problem gambling after the news on Thursday that online betting firm 888 had been penalised a record £7.8m because more than 7,000 people who had voluntarily banned themselves from gambling were still able to access their accounts“, as well as “The data is often gathered from raffle sites that offer cash prizes and gifts in weekly giveaways, he said. To apply for the prize draws, users must usually provide their name, date of birth, email and address. He claimed raffle companies would then sell the data, something customers have sometimes unwittingly consented to in lengthy terms and conditions agreements. One such site states: “The following sectors [including gambling] are the industry types you can expect to receive products, information, services or special offers from.”“. With these three quotes we have the first part of the equation filled. The article gives a lot more, but for now, here, that is what we need. So we see that people sign up for things they do not understand (we all do that), and for the most the initial thought was harmless enough. I have signed up for free premiere movie tickets, some of us for fashion items or even something as innocuous as a free bottle of perfume or after shave.
It seems so harmless and when it comes to products it usually tends to be. Yet when it comes to free trips to certain destinations, for some of us, red flags go up, but at that point it is usually too late, we have already given out our details.

Now, we go back to January 2014. In my blog ‘Diary for a wimpy President‘ (at https://lawlordtobe.com/2014/01/18/diary-for-a-wimpy-president/) I set the stage that includes GCHQ. The setting was theft of IP on a massive scale, yet it was on equal terms the issue we see more commonly, the theft of personal data. The questions I posed were:

  • Have you identified your organisation’s key information assets and the impact it would have on your organisation if they were compromised or your online services were disrupted? [Alternative: what data is bankable?]
  • Have you clearly identified the key threats to your organisation’s information assets and set an appetite for the associated risks? [Alternative: what data is accessible?]
  • Are you confident that your organisation’s most important information is being properly managed and is safe from cyber threats? [Alternative: the value management of data you think you own]

It came with the footnote: “The alternatives are not just views I opt for, consider that the data collection field goes into open commercial hands as it could be presented by March 31st, what are your options to purchase certain buckets of data?”

We are now on par in the two sides, my blog three years ago and the new iteration that the Guardian shows. I admit, the Guardian shows a side I never considered before last night. You see, with the quotes we saw mentioned by me, we need to add the third side to what is not a pyramid, but optionally the specific view on a cube, or even more disturbing a buried dipyramid. Now, we cannot expect people to realise that this is happening, but GCHQ knew, there is no way it did not know, and missing that is a career breaker plain and simple. You see, to give you that part, we need to add the following items. The first was seen on August 21st with ‘UK credit and debit card spending growing at fastest rate since 2008‘. We need to keep a check on the quote “The number of card transactions increased by 12.3% over the year to the end of June, according to the banking trade body UK Finance, coming amid a boom in consumer debt that has been raising alarm bells at the Bank of England. The pace of growth in card payments was 10.6% in the 12 months to the end of December“, the second quote comes from two days ago in the Guardian. Here in the article ‘Credit card lenders ‘targeting people struggling with debt’‘ we see the two parts “Citizens Advice finds almost one in five people struggling with debts have had their card limit raised without request” as well as “Unsecured lending is returning to levels unseen since the 2008 financial crisis, raising alarm bells at the Bank of England that consumers may struggle to repay loans in another economic downturn, thus putting financial stability at risk“. I believed this to be a bad business practice, yet until last night I did not give it the merit it should have had. You see, commercial bankers are for the most without a moral compass at best, what if they are joining hands with gambling places that do not care how they get the money?
The banker gets the bonus because business was booming and his (or her) moral compass is limited to the cash leaving the door without the use of criminal activity, beyond that they will not care. Yet with hundreds of thousands getting into this scrap. How many gambled the gained credit? How many pushed a chance for instant wealth into a decade of depression without options? The weird part is that GCHQ had to be aware, they are our (mainly the UK) watchdogs and they let this just go on. The questions I asked three years ago show that GCHQ should have been aware and monitoring. If they did not do that, then we have a case of negligence that surpasses the age of MI5 and the Cambridge 5. The funny part in this is that those 5 “were contemporaries at Cambridge University in the 1930s, and were attracted to communism mainly because of the Wall Street crash” and now we see that the same thing is happening for merely the same bloody reason (but those tend to be on the other side of the exploitative equation nowadays), yet now every gambling capitalist gets to enjoy the fallout, or is that out falling?

The evidence?

Yes, some elements will demand the evidence. In my view we merely have to compare the two lists, one showing the unrequested credit rises and the second list are those on the gambling marketing list, with any surpass of 5% being enough to be seen as significant evidence. This now gives two issues, the one is speculative when we go with ‘Is this a shady move for banks to push Brexit out of the way?’ You might think this is conspiracy theory, but is it? How many setbacks can the UK deal with before the banks cry foul and beg for Brexit to be delayed because they are too big to fail? Is it that farfetched? I don’t believe so. The second part is on the location of the gathered online betting location and how these ‘marketing lists‘ all made it out of the UK and in several cases out of the European Union, which now puts the actions (read: non actions) of GCHQ on the firing line of enquiries and inquisitive questions on how they are keeping the people of the UK safe. We might argue (and I would) that people who gamble only have themselves to blame, yet when we see ‘more than 7,000 people who had voluntarily banned themselves from gambling were still able to access their accounts‘, we see that the odds are intentionally stacked against them and I believe that ‘Gambling firm 888 penalised record £7.8m for failing vulnerable customers‘ is a joke, I consider that giving them a £78 million penalty would have been too soft for them, especially as their growth surpassed 63% in 2016. And that is merely ONE gambling holding. The issue is growing at an alarming rate, even as we see how in Australia councils are drawing lines on ‘out of bounds areas‘ whilst with such amazement that the new casino that is currently being built on the order of bad boy Jimmy Packard is (with surprising amazement) to be exactly outside certain zoning issues, just like Star Casino, giving him all the freedom he needs and get to play without any level of limitation.
Let’s just mark that one up to ‘coincidence‘ shall we?

That example shows a certain complacency between councils and certain playing players and we now see that such levels are apparently happening in the UK for online gambling and we see that there is no way that GCHQ was unaware, we merely need to wonder why there was no political intervention, because that question is becoming more and more important.

Issues, shown from 2014 onwards give rise to non-protectionism of an unacceptable shady character. The fact that the Guardian now shows that certain players are given a wide berth that gives them degrees of freedom that no company in the UK ever gets is also giving questions to the status of banks and lenders and whether we should allow them to operate in the UK. If you wonder about this statement you only have to consider the triggers of bankruptcy, personal insolvency and how it is that these lenders will get paid either way, through either collection or write offs. What happens when they are no longer allowed to write off these bad business actions? What happens when it needs to come from their own ‘profits’ and ‘bonus schemes’? How long until suddenly the online casinos and lenders walk away and continue that in places where they can exploit all they like?

Can you now see that you are placed in an increasingly difficult place to grow the stability of your family? If not, consider that you might not be the gambler, but you are a member of that bank or lending corporation. If they cannot write off, they will charge you through the services you receive, either through administration fees or interest percentages. You would (and rightly so) complain about these fees, so you want no change, which is what they are banking on and that should not be allowed. The final statement in the article is also important. With “In a longer statement to its investors, the company said it had taken action to fix its self-exclusion systems, which it said arose when customers who self-excluded from some of its brands were able to gamble with others” we are confronted with the question that seeing ‘fix its self-exclusion systems‘. You see, I believe that they never properly worked in the first place; leaving us with the intent that they had too much to lose enforcing ‘self-exclusion‘ which in my book makes them guilty of intentional and reckless corporate negligence.

You see when we consider that courts are less willing to cut off liability due to intent, the scope of Liability in Intentional Torts is now a given. The plaintiff would be entitled to see the entire engineering part of the ‘self-exclusion system’ and with the failing it holds whoever goes after house 888 might have a legal setting to regain all their losses. Yet that is merely one online gambling house. The fact that none of them want to truly cooperate gives rise to the notion that too many players don’t want the broken system to be fixed, not until after they got out of it whatever they could and such a knowledge tends to give consideration that the burden on GCHQ will be higher and needs to be higher. Yet will the burden be unjustly set too high? Because that is the clear direction we seem to be going to and that is equally unjust. In the end it will turn out to be a counterproductive situation.

Are you willing to place a bet on any outcome here?

 


Filed under Finance, Gaming, Law, Media, Politics

What did I say?

Last night I got a news push from the Washington Post. It took me more than a second to let the news sink in. You see, I have been advocating Common Cyber Sense for a while and apart from the odd General being ignorant beyond belief, I expected for the most that certain players in the SIGINT game would have their ducks in a row. Yet, the opposite seems to be true when we see ‘NSA contractor charged with stealing top secret data‘ (at https://www.washingtonpost.com/world/national-security/government-contractor-arrested-for-stealing-top-secret-data/2016/10/05/99eeb62a-8b19-11e6-875e-2c1bfe943b66_story.html), the evidence becomes blatantly obvious that matters in the SIGINT industry are nowhere near as acceptable as we think they are. The quote “Harold Thomas Martin III, 51, who did technology work for Booz Allen Hamilton, was charged with theft of government property and unauthorized removal and retention of classified materials, authorities said. According to two U.S. officials familiar with the case, he is suspected of “hoarding” classified materials going back as far as a decade in his house and car, and the recent leak of the hacking tools tipped investigators to what he was doing“, so between the lines we read that it took a mistake after a decade for the investigators to find out? No wonder the NSA is now afraid of the PLA Cyber Division!

In this light, not only do I get to tell you ‘I told you so‘, I need to show you a quote from July 1st 2013, where I wrote “So if we consider the digital version, and consider that most intelligence organisations use Security Enhanced Unix servers, then just accessing these documents without others knowing this is pretty much a ‘no no’. EVEN if he had access, there would be a log, and as such there is also a mention if that document was copied in any way. It is not impossible to get a hold of this, but with each document, his chance of getting caught grows quicker and quicker“, so I questioned elements of the Edward Snowden case, because of my knowledge of Security Enhanced Unix servers, which is actually an NSA ‘invention’. Now it seems to become more and more obvious that the NSA has no flipping clue what is going on on their servers. They seem to be unaware of what gets moved and more important, if the NSA has any cloud coverage, there is with this new case enough doubt to voice the concern that the NSA has no quality control on its systems or who gets to see data, and with the involvement of a second Booz Allen Hamilton employee, the issue becomes, have they opened up the NSA systems for their opponents (the PLA Cyber division being the most likely candidate) to currently be in possession of a copy of all their data?

If you think I am exaggerating, then realise that two people syphoned off terabytes of data for the term of a decade, and even after Snowden became visible, Harold Thomas Martin III was able to continue this for an additional 3 years, giving ample worry that the NSA needs to be thoroughly sanitised. More important, the unique position the NSA had should now be considered a clear and present danger to the security of the United States. I think it is sad and not irony that the NSA became its own worst enemy.

This is seen not just in the fact that Harold Thomas Martin III moved top secret data home, whilst he was at work a mere FSB or PLA intern could just jimmy the front door and copy all the USB devices. So basically he was potentially giving away data on Extremely Low Frequency (ELF) systems, which would be nice for the PLA Cyber Unit(s), as they did not have the capacity to create this themselves. So whilst they were accused of allegedly trying to get a hold of data on the laptop of Commerce Secretary Carlos Gutierrez (2008), they possibly laughed as they were just climbing into a window and taking all day to copy all the sweet classified data in the land (presumption, not a given fact). So he in equal measure pissed off the US, India and Russia. What a lovely day that must have been. In that regard, the Affidavit of Special Agent Jeremy Bucalo almost reads like a ‘love story’. With statements like “knowingly converted to his own use, or the use of another, property of the United States valued in excess of $1,000“. Can we all agree that although essential and correct, the affidavit reads like a joke? I mean that with no disrespect to the FBI, or the Special Agent. I meant that in regard to the required personal viewed text: “Harold Thomas Martin III, has knowingly and intentionally endangered the safety and security of the United States, by placing top secret information and its multi-billion dollar value in unmonitored locations“, I do feel that there is a truth in the quote “The FBI’s Behavioural Analysis Unit is working on a psychological assessment, officials said. “This definitely is different” from other leak cases, one U.S. official said. “That’s why it’s taking us awhile to figure it out.”“. It is my personal view that I agree with this, I agree because I think I speculatively figured out the puzzle. He was a reservist, Reserve Navy and a Lieutenant at 51.
So the Navy might not see him as ‘full’ or ‘equal’, this might have been his way, to read these documents at night, knowing that they will never have this level of clearance for such an amount of Top Secret information. With every additional document he would feel more on par with Naval Captains and Admirals, he would feel above all the others and if there was ever a conversation with people who did know, he had the option to leave the slightest hint that he was on that level, perhaps stating that he was also an NSA contractor. His star would suddenly be high with Commanders and higher. It is a personal speculation into the mind of Harold Thomas Martin III.

When we look at 18 U.S. Code Chapter 115 – TREASON, SEDITION, AND SUBVERSIVE ACTIVITIES. We see at paragraph 2381 “Whoever, owing allegiance to the United States, levies war against them or adheres to their enemies, giving them aid and comfort within the United States or elsewhere, is guilty of treason and shall suffer death, or shall be imprisoned not less than five years and fined under this title but not less than $10,000; and shall be incapable of holding any office under the United States“, now if we see the following elements ‘giving them aid and comfort within the United States‘ and the other elements are clearly stated as ‘or’ a case of treason could be made. In my view a person like that was guilty of treason the moment Top Secret materials were removed or copied from their assigned location and without proper clearance moved to an unsecure location. As an IT person Harold Thomas Martin III should have known better, there is no case of presumption of innocence. The fact that I made a case that he might have mental issues does not mitigate it in any way, to do this in excess of a decade and even more insidious to do this for years after Edward Snowden got found out is also a matter of concern.

The NSA has a sizeable problem, not just because of these two individuals, but because their servers should have had a massive upgrade years ago, in addition, the fact that contractors got away with all this is in equal measure even more insulting to a failing NSA. I can only hope that GCHQ has its ducks properly in a row, because they have had 3 years to overhaul their system (so tempted to put an exclamation mark here). You see, we have all known that for pretty much all of us, our value is now data. No longer people, or technologies, but data and to see 2 cases at the NSA, what was once so secret that even the KGB remained clueless is now, what we should regard as a debatable place. This should really hurt in the hearts of those who have faithfully served its corridors in the past and even today. In addition, the issues raised around 2005 by the CIA and other agencies regarding the reliability of contractors is now a wide open field, because those opposing it and those blocking data integration are proven correct.

This now gets us to a linked matter. You see, it is not just the fact that the government is trailing in this field, because that has been an eternal issue. The issue is that these systems, due to the likes of Harold Thomas Martin III and Edward Snowden could be in danger of intrusions by organised crime.

For those thinking that I am nuts (on the road to becoming a Mars bar), to them I need to raise the issue of USB security, an issue raised by Wired Magazine in 2014. The fact that the USB is not just used to get data out, if malware was added to the stick, if it was custom enough, many malware systems might not pick up on it and that means that whoever got into the house, they could have added software, so that on the next run to copy a project, the system might have been opened up to other events. There is no way to prove that this happened, yet the fact remains that this is possible and the additional fact that this was happening for over 10 years is equally disturbing, because it means that the NSA monitoring systems are inadequate to spot unauthorised activities. These elements have at present all been proven, so there.

I think it is time for TRUSIX to convene again and consider another path, a path where USB sticks get a very different formatting and that its embedded encryption requires the user, the location and the hardware id to be encrypted within the stick, in addition the sticks need to work with a native encryption mode that does not allow off site usage. Perhaps this is already happening, yet it was possible for Judas tainted Highwayman Harold to walk away with the goods, so something is not working at present. I am amazed that a system like that was not in place for the longest of times. I certainly hope that Director Robert Hannigan at GCHQ has been convening with his technology directors. In addition that there are some from Oxford and some from Cambridge, so that their natural aversion to the other, will bring a more competitive product with higher quality, which would serve all of GCHQ. #JustSaying

The one part where this will have an impact is the election, because this has been happening during an entire Democratic administration, so that will look massively sloppy in the eyes of pretty much everyone, too bad Benghazi emails were not left that much under the radar, because that could have helped the Clinton election campaign immensely. Still, there are technology and resource issues. The fact that Booz Allen Hamilton gets mentioned again is unfortunate, yet this should only be a partial focus as they have 22,000 employees, so statistically speaking the number of transgressions is in that regard insignificant. What is significant is how these two got vetted and passed all their clearances. In addition to this there is the issue of operation centres. You see, if there have been data breaches, have there been system breaches? The question derives directly from the fact that data was taken off site and there were no flags or alerts for a decade. So at this point the valid question becomes whether NSOC and NTOC have similar flaws, which now places US Homeland Security in speculated direct data dangers. My consideration in this regard came from earlier mentions in this article. If any US opponent has a clue in this regard, what would be the repercussions, in addition, the question (due to my admitted ignorance) would be, did Edward Snowden have any knowledge of Harold Thomas Martin III, if so, was this revealed in any conversation Snowden would have had with a member of the FSB (there is absolutely no doubt that they had a ‘conversation’ with Edward Snowden whilst he was in sunny Moscow)? If so, what data dangers is Homeland Security facing? If data was copied, it is not impossible that data was moved. If that has happened, any data event with any specific flag?

Now the next example is purely fictional!

What if conditionally an <!important> (or whatever flag the NSA uses in their data sets) was added or removed? If it was used to give weight to certain data observations, like a cleaning pass, the pass would either be useless, or misdirecting. All possible just because Harold Thomas Martin III had to ‘satisfy’ his ego. This is not whether it happened or not, this is about whether it was possible, which would give added voice to the NSA issues in play and the reliability of data. This is a clear issue when we consider that false journalistic stories give way to doubt anything the journalist has written, any issue with a prosecutor and all those cases need reviewing, so do you think it is any different for IT people who have blatantly disregarded data security issues? This is not some Market Researcher who faked response data, this is collected data which would have been intervened with, endangering the people these systems should protect. As stated, this is speculative, but there is a reality in all this, so the NSA will need to sanitise data and sources from the last 10 years. There is no telling what they will dig up. For me it is interesting to see this regarding Snowden, because I had my issues with him and how he just got data away from there. Now there is a chance that the NSA gets to rename their servers to NSA_Siff_01 to NSA_Siff_nn, wouldn’t that be the rudest wake up call for them? I reckon they forgot the old rules, the one being that technology moves at the speed of your fastest employee + 1 and the human ego remains the most dangerous opponent when it involves security procedures.

 

 


Filed under IT, Law, Media, Military, Politics