Tag Archives: Shalev Hulio

Two unrelated issues

OK, today is not the day to piss off Alexander Bortnikov, I wanted to do that just to celebrate his 11th anniversary of him being the Director of the FSB, as such my sense of humour demands that I would put a whoopi cushion on his car seat, alas, I could not get close, someone decided to try a novel approach to the concept of Suicide by Cop (at https://www.theguardian.com/world/2019/dec/19/moscow-shooting-russia-people-shot-dead-intelligence-agency), instead of pushing the buttons of a militia officer, we see the apparant acts of a looney tunes person who decided to fire on the reception of Federal Security Service, that is an act that will get you killed and he did. Now, let’s be clear, there is a reason to bring this up. You see there is one building in Moscow (basically in the entire CCCP), where the most vile, the most feared and the most despicable member of any Russian criminal organisation takes a detour, it is the Lubyanka building, the headquarters of the FSB in Moscow. Consider some Bratva captain, 120 Kg of muscles, fearless and life ignoring person ends up shaking and like a little girl that is crying, the cause would be one building in Russia that does that. So when a person comes around shooting at its reception, I tend to call that a novel way to invite Suicide by Cop and I cannot fathom the desperation from life that a person has to pull that off (there are 999 other ways to go with 99.99999% certainty and most of them are 100% less painful and scary), optionaly as distractions go, it is perhaps the worst one yet. 

Oh, and there is not some special required form of data intelligence required, we could argue that the fear for that building is handed to any Russian citizen when they start school, so for the life of me I can not figure out why someone would be this stupid, it is like grabbing a bucket of water from the Volga in Saratov and personally dumping the bucket in he Caspian Sea, not only meaningless, but you end up being alive at the end of that journey, attacking the FSB building with anything less than an entire army and your chances to survive become a whole lot less certain. Yet in all that, the fact that the attack made several newsgroups is important, you see, the news never sleeps, yet they do get to filter what we hear. 

From the Israeli news desk

The Guardian (at https://www.theguardian.com/world/2019/dec/19/israeli-spyware-allegedly-used-to-target-pakistani-officials-phones) (as well as Israeli Newspapers, give us ‘Israeli spyware allegedly used to target Pakistani officials’ phones‘, with the byline ‘NSO Group malware may have been used to access WhatsApp messages for ‘state-on-state’ espionage’, news that made a lot less newspapers on a global scale, is that not weird? Now, I am not stating whether there is validity, I am not stating on behalf of the NSO Group that it is false, yet this private firm founded by Niv Carmi, Omri Lavie and Shalev Hulio is showing to be an expert company in acquiring information. The papers need to guard their words and I get that, yet when we see anonymous sources and “those who could have been compromised” I feel like I am in a play that I have seen before. The more important part is “All the suspected intrusions exploited a vulnerability in WhatsApp software that potentially allowed the users of the malware to access messages and data on the targets’ phones“, yet it seems that there is not really that much taste for the weakness of the makers, is there?

When get the optional state where we see “The lawsuit claimed intended targets included “attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials”” and in that state I would make the demand ‘can we see those names please?‘ Yet it is a personal demand that will not be answered, there is too much doubt on the who did what and who wanted to know. I have a little more faith in “NSO has said it will vigorously contest the claim and has insisted that its technology is only used by law enforcement agencies around the world to snare criminals, terrorists and paedophiles“, you see that is a business approach to intelligence that brings money on the table and Yes, there is a chance that someone wanted to know more about certain Pakistani, yet that list given by Facebook is just a little too weird, yet the names might brighten up the need for it, and as we are treated to “The alleged targeting of Pakistani officials gives a first insight into how NSO’s signature “Pegasus” spyware could have been used for “state-on-state” espionage“, it is the difference of stance, the state of ‘alleged‘ that brings the doubt. In the article I do not disagree with “This kind of spyware is marketed as designed for criminal investigations. But the open secret is that it also winds up being used for political surveillance and government-on-government spying” for that we need to say that John Scott-Railton is seemingly completely correct, yet in all this, we see and identify a timeline and it becomes more and more apparent that not only did other interest groups (CIA, FBI, MI-5, MI-6, DGSE, et al) need this weakness, we see a longer timeline and we wonder what WhatsApp and Facebook have done about it so far. More important, why would any official use something like WhatsApp? I mean for private use, yes, yet for their business phone? It is the application of Common Cyber Sense that is lacking here and to give all that data to Facebook (WhatsApp) is calling some parts into question. CBS News gave the people in 2018 ‘WhatsApp co-founder: “I sold my users’ privacy” to Facebook‘, I get it! Cambridge Analytica changed a lot, but so it would have changed a lot for state players, as such the act of pushing for WhatsApp in government and secure conversations, it does not make sense. CBS also gave us in 2018 “U.S. intelligence agencies have said that Russian actors used Facebook and Instagram to wage a campaign of disinformation in the election” and if WhatsApp and Facebook are owned by the same person we see the even larger lack of Common Cyber Sense. WhatsApp has been the name in Scandals in 2017 and 2018 as well, so when the needed question ‘Why is a state player using WhatsApp in the age of Common Cyber Sense?‘ comes out, we see that the bulk of people, hacktivists and journalists have not asked this question, just like the weird part where we all look at the attack on Lubyanka, and no one looks beyond a certain point. 

This view does not exonorte the NSO group, yet it is asking larger questions that take the group out of the field of vision and looks at the larger issues. More important the claim “While it is not clear who wanted to target Pakistani government officials, the details are likely to fuel speculation that India could have been using NSO technology for domestic and international surveillance“, you see pointing at their natural enemy is fun, however the fact that most European intelligence groups want to know about scores of Pakistani is also left off the table, in light of Pakistan and its Middle East connections, so are Israel and America, especially as America is losing foothold in the Middle East, finding any Russsian link to any Pakistani would be worth a lot to them, they lack all plenty of resources there.

You see, there is all the need for action when we see “The government of the Indian prime minister, Narendra Modi, is facing questions from human rights activists about whether it has bought NSO technology after it emerged that 121 WhatsApp users in India were allegedly targeted earlier this year” however everyone is overlooking ‘121‘ as a number. There are 400 million WhatsApp users in India, nobody would get to the 121 users in such a short time, the absence of ‘alleged‘ and optionally ‘so far 121 alleged users have been found‘ is a much larger issue that anyone realises. The fact that there are more questions popping up regarding the alleged NSO software is also overlooked. There is a much larger play in the field and it seems that certain people do not look towards certain players and the absence of Common Cyber Sense is just overwhelmingly staggering. It is almost like you are tired of life and decide to attack FSB headquarters with a gun. 

Yet in all this, the amount of users in Pakistan is also the part we need to look at, you cannot merely check in seconds, this is a not an on the fly solution, so there are all kinds of questions, especially with 1.5 billion users of that app, we see a lack of thoughts, questions and especially software engineers treating the software weakness and this has been going on for quite some time. the fact that the larger collection of media is not getting to this question is just allegedly largely insane. 

So as we consider “users in India were allegedly targeted earlier this year” we need to ask, how long until this glitch is fixed? The fact that certain glitches have been there since 2017 is a much larger concern, but the media does not stop at this point, does it? I reckon they are taking their time looking at the one suicidal person pointlessly attacking Lubyanka.

Two issues that might seem unrelated (and they are not), yet it tells a lot more about the media and state players than you should be comfortable with, feel free to WhatsApp that question to others, the state players will get to it eventually.

 

Leave a comment

Filed under IT, Media, Military, Politics, Science

The side no one seriously looks at

There was an issue, in the Guardian voiced it less than three hours ago as: ‘WhatsApp ‘hack’ is serious rights violation, say alleged victims‘, yet in all this, in all the banter, in all the accusations, the one side not heard is the one not mentioned in any newspaper, why is that? (the article is at https://www.theguardian.com/technology/2019/nov/01/whatsapp-hack-is-serious-rights-violation-say-alleged-victims)

We all see: “More than a dozen pro-democracy activists, journalists and academics have spoken out after WhatsApp privately warned them they had allegedly been the victims of cyber-attacks designed to secretly infiltrate their mobile phones“, in equal measure we see “malware sold by NSO Group, an Israeli cyber weapons company” yet no one discusses the main frame of the mind. No one discusses the fact that WhatsApp got hacked, the fact that a software solution found the software hackable.

We see Facebook, WhatsApp, Pinter, Twitter and no one makes a larger leap on the How. How are these solutions so hackable? There is one voice in the article giving us “One referred to Facebook as “the world’s greatest privacy violator”” At this point you might think that it is merely a way to look at someone else, but it is not. These software vendors are all about sellable and resalable technologies, so they want to make a deal with large corporations who can mine that data to their hearts content, the problem is how to do it without the overbearing amount of oversight, neither side wants that, it would result in uneasy questions and questions that have answers that a lot of people would not want to work on until forced.

And how do you think that NSO technology, a company etched in cyber intelligence and software solutions to find counterintelligence loops would design a way to get into places like WhatsApp and Facebook?

  1. There is a need
  2. There is the opening
  3. Both one and two represent a massive amount of money.

It is that simple and whilst we all want to shout ‘foul, foul’ are we shouting at the right people?

Are we shouting at WhatsApp and Facebook for allowing these gaps to appear in their software? No we do not and we need to wake up. Did you learn nothing from Cambridge Analityca?

The movements of people is worth a lot of money, whilst we all seem hell bent in locking out governments, we open up to commercial enterprises like there is no tomorrow, like there is no hassle there, but that side is the largest hassle of all, they sell some form of access directly to insurances for ‘advertising’ to healthcare clinics for the same reason and they do not care how that knowledge is used. And there is no reason people forget that a company is often no more than its mission statement:  “People use Facebook to stay connected with friends and family, to discover what’s going on in the world, and to share and express what matters to them” The Facebook corporate vision statement in its direct form. There is no mention of data security, there is no need for data arbitration, and none of it is there. The same could be stated about WhatsApp “Our messages and calls are secured with end-to-end encryption, meaning that no third party including WhatsApp can read or listen to them. Behind every product decision is our desire to let people communicate anywhere in the world without barriers” there we see no security affix in regards to from who to who(m). And let’s be direct here the part ‘to let people communicate anywhere in the world without barriers‘ is quite sincere, there is no hiatus on KNOWING who is speaking to who, do they?

That are merely tow basic parts that are ignored and they are open and for sale, places like NSO technology fixed their views on getting to those parts of the equation for their customer. Basically Facebook and WhatsApp let them, that is the part you remain ignorant about and that is why it is happening again and again.

You did not think it was going to be easy did ya!

All these issues would fall away when the stage for secure apps would actually be secure, that is the one part that would stop a lot of this and with smaller apps it will happen, when the app comes to a size of distribution where a few hundred million users will be using it, the need for a secure app will be out in the open, well over a dozen of these apps are out in the open and there is not solution, not until that changes and if it were up to the politicians it will never change, because they need that data too.

So if you want a secure App, you will just have to stop using the one you have until they make a secure edition of the App, now there are a whole range of ideas on how that will be, for example that App will not be free, or in case of Facebook where data is their brainchild, they will figure something out, but until they do none of your data is allowed to be secure.

Doubt my words?

Consider that three programmers were at the foundation of NSO Technology Niv Carmi, Omri Lavie, and Shalev Hulio figured out what internal programmers clearly knew but did not stop to realise and these three founded software to combat terror and crime, Three programmers could see what the 150+ programmers could clearly see in the halls of Facebook and WhatsApp and now we see “the lawsuit described the alleged attacks as an “unmistakeable pattern of abuse” that violated US law” instead of the question: “How was this possible in the first place?

The need to be able to answer that question will reside far and wide in the scope of software developers, it will reside far and wide in the heads of those using these solutions, but not as much in the heads of the developers or the politicians, they know what was there, they knew what was for sale. And in all this the brief reads “More than a dozen pro-democracy activists, journalists and academics have spoken out after WhatsApp privately warned them they had allegedly been the victims of cyber-attacks designed to secretly infiltrate their mobile phones” and no one wonders why there are no politicians on that list? Or perhaps they are the ‘academics’ in all this.

In all this and no one is asking the question ‘Why was the weakness there to begin with?‘ and in all this the entire how come that the pattern of abuse is the one violating US Law and the weakness in the software is not?

Consider that for a moment! #JustSaying

 

Leave a comment

Filed under IT, Law, Media, Politics, Science