Tag Archives: Shalev Hulio

Tools of convenience

It is 01:39, I thought it was going to be a boring Thursday. Yet, there she is, everyone’s favourite tool Stephanie Kirchgaessner is making another run for it. She gives us ‘Israeli spyware company NSO Group placed on US blacklist’. The article (at https://www.theguardian.com/us-news/2021/nov/03/nso-group-pegasus-spyware-us-blacklist) comes with all posturing, yet no evidence. She gives us “It comes three months after a consortium of journalists working with the French non-profit group Forbidden Stories, including the Guardian, revealed multiple cases of journalists and activists who were hacked by foreign governments using the spyware” yet there are a few sides to consider. This so called ‘consortium of essay writers’ working with the clowns calling themselves the ‘non-profit group Forbidden Stories’ came with insinuations and no evidence. On July 23rd 2021 I wrote ‘From horse to course’, there I gave the readers “but consider that if the media has not released a dashboard of these 50,000 numbers, I believe that my case is rather clear, I would personally consider that list is nothing more than the fabrication of a stakeholder who needs the revenue that the NSO Group currently has”, in addition to that, the BBC gives us (the link is in the same story) “Of the people whose numbers are on the list, 67 agreed to give Forbidden Stories their phones for forensic analysis. And this research, by Amnesty International Security Labs, reportedly found evidence of potential targeting by Pegasus on 37 of those”, so basically they could prove it in no more than 60% of the cases which they call ‘evidence of potential targeting’, I am not debating it, but this setting where we saw a few mentions that the NSO Group pleaded innocence, we need to have evidence, and the whatever you wanna call it pointlessly blaming people without presenting evidence constitutes in my humble opinion a person too useless to consider a valid source of information.

She goes on giving us “The Guardian and others also revealed that the mobile numbers of Emmanuel Macron, the French president, and nearly his entire cabinet were contained on a leaked list of individuals who were selected as possible targets of surveillance”, a leaked list that was opposed by the Verge and a few other sources which I dealt with again in ‘The same gramophone’ (at https://lawlordtobe.com/2021/09/16/the-same-gramophone/) We see several issues with what is stated from a few articles, but the part was that the leaked number list was from 2016, and there were other considerations too, in part that 50,000 numbers represent $600,000,000 in the cheapest configuration and so far, no evidence was ever shown that the NSO Group had made THAT much money. We also get the show of a party line “NSO has said that its spyware is used by foreign government clients to target serious criminals. It has denied that any of its clients ever targeted Macron or any French government officials”, I get that. It does not make the NSO group innocent, but so far the confused tool Stephanie Kirchgaessner and whatever master she barks to are not presenting ANYONE clear evidence. I stated it 6 months ago there too. A top line of what was available and optionally evidence would have been presented and in 6 months none of them did any of that. 

Have we stopped being nations of laws? There is a second side to all this it is seen in the headline  ‘Israeli spyware company NSO Group placed on US blacklist’, we get “Decision against company at heart of Pegasus project reflects deep concern about impact of spyware on US national security interests”, OK that is fair, the US has national interests and as such they have the right to push for their national interests, I cannot and will not debate that, it is their right. I just wished the Guardian had actually done their homework and not hide behind “It comes three months after a consortium of journalists working with the French non-profit group Forbidden Stories, including the Guardian, revealed multiple cases of journalists and activists who were hacked by foreign governments using the spyware”, that and unsubstantiated mentions makes for a shoddy article, one that is debatable on too many sides and degrades the Guardian from their AAA status to a mere B-. Feel free to oppose this, you only have to get actual evidence and so far none of them presented any and several sources debated what some presented, a mess and this is the third time I personally see the name Stephanie Kirchgaessner towards something that I personally regard to be shoddy. Once happens, twice perhaps if the career is long enough, but three times? As I personally see it, the average journalism intern is better than that. 

And no matter how we slice it, Shalev Hulio, NSO’s founder has a larger issue and optionally new avenues to explore. I wonder if that was the content of the meeting that is given to us as “But in the weeks that followed the publication of the Pegasus project, Israeli officials met with counterparts in the US and France to discuss allegations of abuse of the technology.” I think the current administration is shitting bricks, they are scared. The NSO group is the first time in history that a private company had a better grasp of technology than the NSA EVER had. And the next credit ceiling conversations are a mere 7 weeks away, I reckon that the democrats are afraid that any deal towards that comes out into the open from any non-US source. It must be awful to rely on tools you owe big time, but that is merely my take on the matter.


Filed under Finance, IT, Media, Politics, Science

Retry or retrial?

It is time to revisit a few issues, actually one issue and a whole lot connected to it. To start, I decided to go with The Verge, it has its ducks decently in a row, the article ‘NSO’s Pegasus spyware: here’s what we know’ is the best of them all, they also make reference to a lot of articles, and they have a decent line. The article (at https://www.theverge.com/22589942/nso-group-pegasus-project-amnesty-investigation-journalists-activists-targeted) is best if you read it yourself. Mitchell Clark did a good job, and as you have read the article, I can make a few jumps. The important jump gets us to the Washington Post (at https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones/). This came from the link in “However, much of the reporting centers around a list containing 50,000 phone numbers” and when we seek the Washington Post article, we get “reporters were able to identify more than 1,000 people spanning more than 50 countries through research and interviews on four continents: several Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials — including cabinet ministers, diplomats, and military and security officers. The numbers of several heads of state and prime ministers also appeared on the list”, no evidence mind you, merely statement and boasting. I call it boast, because we see there that the Amnesty’s Security Lab examined 67 smartphones all whilst close to 50% had an inconclusive test. If this is 67, what about the other 49,933? So when we get to “NSO chief executive Shalev Hulio expressed concern in a phone interview with The Post about some of the details he had read in Pegasus Project stories Sunday, while continuing to dispute that the list of more than 50,000 phone numbers had anything to do with NSO or Pegasus”, my support goes to Shalev Hulio. 
The Washington Post has a declining amount of credibility and this does not help. From my point of view, I would have made a dashboard based on the 50,000 numbers with a clear separation, In the top layer the continents, then the countries, where we see number of mobiles, versus number of landlines. This basic setting was never done, how stupid is that? A second dashboard could be the identifying class (journalist, government, lawyer, NGO) just to coin a phrase, the Washington Post was all about emotion, not about fact. I see this as a prime time hack job, with the alleged journo’s being the hacks, we also do not get any level of trustworthy setting on how the leak got to the Washington Post. Question upon question and in the mean time we get to see “In Hungary, numbers associated with at least two media magnates were among hundreds on the list, and the phones of two working journalists were targeted and infected, forensic analysis showed” 4 people and 50,000 numbers, could the article be any less relevant? And the stupidity of the Washington Post does not end, no it goes further with “Amnesty’s forensics found evidence that Pegasus was targeted at the two women closest to Saudi columnist Khashoggi, who wrote for The Post’s Opinions section. The phone of his fiancee, Hatice Cengiz, was successfully infected during the days after his murder in Turkey on Oct. 2, 2018, according to a forensic analysis by Amnesty’s Security Lab”, we see ‘two women closest to Saudi columnist Khashoggi’, so how did they get there? Because the numbers were on the list? And when we see ‘The phone of his fiancee, Hatice Cengiz, was successfully infected’, so how was that evidence obtained? From my point of view the text “according to a forensic analysis by Amnesty’s Security Lab” just does not cover it. 
It even gets worse with “Also on the list were the numbers of two Turkish officials involved in investigating his dismemberment by a Saudi hit team”, I see it as a weak approach to mention “investigating his dismemberment” which was NEVER proven, the proof requires a body, they never got that, at best the man is theoretically still merely missing. And from there we get to “Khashoggi also had a wife, Hanan Elatr, whose phone was targeted by someone using Pegasus in the months before his killing. Amnesty was unable to determine whether the hack was successful”, consider the text “Amnesty was unable to determine whether the hack was successful”, if that is true, how come we get “targeted by someone using Pegasus in the months before his killing”, how was that timeline proven? It is a simple question, the article is a bad approach to give more visibility to a journalist no one gives a fuck about. I like the quote ““This is nasty software — like eloquently nasty,” said Timothy Summers, a former cybersecurity engineer at a U.S. intelligence agency and now director of IT at Arizona State University”, is it eloquent because the NSA never made it, or because an Israeli company has the lead on this? I wonder what Timothy would have said if this was an NSA application? 

And the Verge is on my side, they give us “WAIT, WHO MADE THIS LIST?”, as well as “At this point, that’s clear as mud. NSO says the list has nothing to do with its business, and claims it’s from a simple database of cellular numbers that’s a feature of the global cellular network”, which is supported by “A statement from an Amnesty International spokesperson, posted to Twitter by cybersecurity journalist Kim Zetter, says that the list indicates numbers that were marked as “of interest” to NSO’s various clients. The Washington Post says that the list is from 2016” and when we consider these quotes and we read the Washington Post article for the shite it seems to be, I wonder who is waking up to the fact that the media, all the other media is merely re-quoting what the Washington Post stated and it is absent of all kinds of facts, or they merely didn’t bother putting the facts there. 

The entire Pegasus setting seems like a Wag the Dog approach to whatever these papers want to create and it is optionally a setting (a speculative one) that this is the push from stakeholders who have an issue with the NSO group, all whilst no credible evidence is given to us that there is an actual issue. And in all this the money trail was ignored, I ignored it too, mainly because I was unaware, yet the Verge was aware and they give us “At the time, the costs were reportedly $650,000 to hack 10 iPhone or Android users, or $500,000 to infiltrate five BlackBerry users. Clients could then pay more to target additional users, saving as they spy with bulk discounts: $800,000 for an additional 100 phones, $500,000 for an extra 50 phones” this implies that the cheapest option would be 500 times $800,000, which gives us $400,000,000 that is a whole lot of cash for a lot of people no one cares about. Yes, there are a few alleged targets that makes the pricing worth it, but with the setting I have, there is no way that the 50,000 numbers make sense, oh and before I forget, if this is a list for multiple sources, how many of the numbers doubled up? Too many questions and the media stupidly reprinting what the Washington Post is giving us makes no sense at all, unless you are a stakeholder with anti-Israel sentiments. 

In this Shalev Hulio is right that he is “continuing to dispute that the list of more than 50,000 phone numbers had anything to do with NSO or Pegasus”, I would too and I found a lot of the disputable issues within an hour, I wonder how shortsighted the media was when they decided to reprint what the Washington Post gave them. So whilst the Guardian gives us ‘the global impact of the Pegasus project’, I merely see a storm in a teacup, because the issues in the Washington Post were never decently vetted on a few levels and that is likely the biggest failing of the media at present. It is merely my point of view and I am happy to state that I could be wrong, but the lack of credible evidence, all whilst the media has a declining level of credibility makes my view the most likely correct one, most likely, because I have not seen the evidence, but as you read the articles, that are all about details, lacking generic evidence, how would you see it?


Filed under IT, Media, Military, Politics, Science

Two unrelated issues

OK, today is not the day to piss off Alexander Bortnikov, I wanted to do that just to celebrate his 11th anniversary of him being the Director of the FSB, as such my sense of humour demands that I would put a whoopee cushion on his car seat, alas, I could not get close, someone decided to try a novel approach to the concept of Suicide by Cop (at https://www.theguardian.com/world/2019/dec/19/moscow-shooting-russia-people-shot-dead-intelligence-agency), instead of pushing the buttons of a militia officer, we see the apparent acts of a looney tunes person who decided to fire on the reception of Federal Security Service, that is an act that will get you killed and he did. Now, let’s be clear, there is a reason to bring this up. You see there is one building in Moscow (basically in the entire CCCP), where the most vile, the most feared and the most despicable member of any Russian criminal organisation takes a detour, it is the Lubyanka building, the headquarters of the FSB in Moscow. Consider some Bratva captain, 120 Kg of muscles, fearless and life ignoring person ends up shaking and like a little girl that is crying, the cause would be one building in Russia that does that. So when a person comes around shooting at its reception, I tend to call that a novel way to invite Suicide by Cop and I cannot fathom the desperation from life that a person has to pull that off (there are 999 other ways to go with 99.99999% certainty and most of them are 100% less painful and scary), optionally as distractions go, it is perhaps the worst one yet.

Oh, and there is not some special required form of data intelligence required, we could argue that the fear for that building is handed to any Russian citizen when they start school, so for the life of me I cannot figure out why someone would be this stupid, it is like grabbing a bucket of water from the Volga in Saratov and personally dumping the bucket in the Caspian Sea, not only meaningless, but you end up being alive at the end of that journey, attacking the FSB building with anything less than an entire army and your chances to survive become a whole lot less certain. Yet in all that, the fact that the attack made several newsgroups is important, you see, the news never sleeps, yet they do get to filter what we hear.

From the Israeli news desk

The Guardian (at https://www.theguardian.com/world/2019/dec/19/israeli-spyware-allegedly-used-to-target-pakistani-officials-phones) (as well as Israeli Newspapers) give us ‘Israeli spyware allegedly used to target Pakistani officials’ phones‘, with the byline ‘NSO Group malware may have been used to access WhatsApp messages for ‘state-on-state’ espionage’, news that made a lot less newspapers on a global scale, is that not weird? Now, I am not stating whether there is validity, I am not stating on behalf of the NSO Group that it is false, yet this private firm founded by Niv Carmi, Omri Lavie and Shalev Hulio is showing to be an expert company in acquiring information. The papers need to guard their words and I get that, yet when we see anonymous sources and “those who could have been compromised” I feel like I am in a play that I have seen before. The more important part is “All the suspected intrusions exploited a vulnerability in WhatsApp software that potentially allowed the users of the malware to access messages and data on the targets’ phones“, yet it seems that there is not really that much taste for the weakness of the makers, is there?

When we get the optional state where we see “The lawsuit claimed intended targets included “attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials”” and in that state I would make the demand ‘can we see those names please?‘ Yet it is a personal demand that will not be answered, there is too much doubt on the who did what and who wanted to know. I have a little more faith in “NSO has said it will vigorously contest the claim and has insisted that its technology is only used by law enforcement agencies around the world to snare criminals, terrorists and paedophiles“, you see that is a business approach to intelligence that brings money on the table and Yes, there is a chance that someone wanted to know more about certain Pakistani, yet that list given by Facebook is just a little too weird, yet the names might brighten up the need for it, and as we are treated to “The alleged targeting of Pakistani officials gives a first insight into how NSO’s signature “Pegasus” spyware could have been used for “state-on-state” espionage“, it is the difference of stance, the state of ‘alleged‘ that brings the doubt. In the article I do not disagree with “This kind of spyware is marketed as designed for criminal investigations. But the open secret is that it also winds up being used for political surveillance and government-on-government spying” for that we need to say that John Scott-Railton is seemingly completely correct, yet in all this, we see and identify a timeline and it becomes more and more apparent that not only did other interest groups (CIA, FBI, MI-5, MI-6, DGSE, et al) need this weakness, we see a longer timeline and we wonder what WhatsApp and Facebook have done about it so far. More important, why would any official use something like WhatsApp? I mean for private use, yes, yet for their business phone?
It is the application of Common Cyber Sense that is lacking here and to give all that data to Facebook (WhatsApp) is calling some parts into question. CBS News gave the people in 2018 ‘WhatsApp co-founder: “I sold my users’ privacy” to Facebook‘, I get it! Cambridge Analytica changed a lot, but so it would have changed a lot for state players, as such the act of pushing for WhatsApp in government and secure conversations, it does not make sense. CBS also gave us in 2018 “U.S. intelligence agencies have said that Russian actors used Facebook and Instagram to wage a campaign of disinformation in the election” and if WhatsApp and Facebook are owned by the same person we see the even larger lack of Common Cyber Sense. WhatsApp has been the name in Scandals in 2017 and 2018 as well, so when the needed question ‘Why is a state player using WhatsApp in the age of Common Cyber Sense?‘ comes out, we see that the bulk of people, hacktivists and journalists have not asked this question, just like the weird part where we all look at the attack on Lubyanka, and no one looks beyond a certain point. 

This view does not exonerate the NSO group, yet it is asking larger questions that take the group out of the field of vision and looks at the larger issues. More important the claim “While it is not clear who wanted to target Pakistani government officials, the details are likely to fuel speculation that India could have been using NSO technology for domestic and international surveillance“, you see pointing at their natural enemy is fun, however the fact that most European intelligence groups want to know about scores of Pakistani is also left off the table, in light of Pakistan and its Middle East connections, so are Israel and America, especially as America is losing foothold in the Middle East, finding any Russian link to any Pakistani would be worth a lot to them, they lack all plenty of resources there.

You see, there is all the need for action when we see “The government of the Indian prime minister, Narendra Modi, is facing questions from human rights activists about whether it has bought NSO technology after it emerged that 121 WhatsApp users in India were allegedly targeted earlier this year” however everyone is overlooking ‘121‘ as a number. There are 400 million WhatsApp users in India, nobody would get to the 121 users in such a short time, the absence of ‘alleged‘ and optionally ‘so far 121 alleged users have been found‘ is a much larger issue than anyone realises. The fact that there are more questions popping up regarding the alleged NSO software is also overlooked. There is a much larger play in the field and it seems that certain people do not look towards certain players and the absence of Common Cyber Sense is just overwhelmingly staggering. It is almost like you are tired of life and decide to attack FSB headquarters with a gun.

Yet in all this, the amount of users in Pakistan is also the part we need to look at, you cannot merely check in seconds, this is not an on the fly solution, so there are all kinds of questions, especially with 1.5 billion users of that app, we see a lack of thoughts, questions and especially software engineers treating the software weakness and this has been going on for quite some time. The fact that the larger collection of media is not getting to this question is just allegedly largely insane.

So as we consider “users in India were allegedly targeted earlier this year” we need to ask, how long until this glitch is fixed? The fact that certain glitches have been there since 2017 is a much larger concern, but the media does not stop at this point, does it? I reckon they are taking their time looking at the one suicidal person pointlessly attacking Lubyanka.

Two issues that might seem unrelated (and they are not), yet it tells a lot more about the media and state players than you should be comfortable with, feel free to WhatsApp that question to others, the state players will get to it eventually.

Filed under IT, Media, Military, Politics, Science

The side no one seriously looks at

There was an issue, the Guardian voiced it less than three hours ago as: ‘WhatsApp ‘hack’ is serious rights violation, say alleged victims‘, yet in all this, in all the banter, in all the accusations, the one side not heard is the one not mentioned in any newspaper, why is that? (the article is at https://www.theguardian.com/technology/2019/nov/01/whatsapp-hack-is-serious-rights-violation-say-alleged-victims)

We all see: “More than a dozen pro-democracy activists, journalists and academics have spoken out after WhatsApp privately warned them they had allegedly been the victims of cyber-attacks designed to secretly infiltrate their mobile phones“, in equal measure we see “malware sold by NSO Group, an Israeli cyber weapons company” yet no one discusses the main frame of the mind. No one discusses the fact that WhatsApp got hacked, the fact that a software solution found the software hackable.

We see Facebook, WhatsApp, Pinter, Twitter and no one makes a larger leap on the How. How are these solutions so hackable? There is one voice in the article giving us “One referred to Facebook as “the world’s greatest privacy violator”” At this point you might think that it is merely a way to look at someone else, but it is not. These software vendors are all about sellable and resalable technologies, so they want to make a deal with large corporations who can mine that data to their hearts content, the problem is how to do it without the overbearing amount of oversight, neither side wants that, it would result in uneasy questions and questions that have answers that a lot of people would not want to work on until forced.

And how do you think that NSO technology, a company etched in cyber intelligence and software solutions to find counterintelligence loops would design a way to get into places like WhatsApp and Facebook?

  1. There is a need
  2. There is the opening
  3. Both one and two represent a massive amount of money.

It is that simple and whilst we all want to shout ‘foul, foul’ are we shouting at the right people?

Are we shouting at WhatsApp and Facebook for allowing these gaps to appear in their software? No we do not and we need to wake up. Did you learn nothing from Cambridge Analytica?

The movements of people is worth a lot of money, whilst we all seem hell bent in locking out governments, we open up to commercial enterprises like there is no tomorrow, like there is no hassle there, but that side is the largest hassle of all, they sell some form of access directly to insurances for ‘advertising’ to healthcare clinics for the same reason and they do not care how that knowledge is used. And there is no reason people forget that a company is often no more than its mission statement:  “People use Facebook to stay connected with friends and family, to discover what’s going on in the world, and to share and express what matters to them” The Facebook corporate vision statement in its direct form. There is no mention of data security, there is no need for data arbitration, and none of it is there. The same could be stated about WhatsApp “Our messages and calls are secured with end-to-end encryption, meaning that no third party including WhatsApp can read or listen to them. Behind every product decision is our desire to let people communicate anywhere in the world without barriers” there we see no security affix in regards to from who to who(m). And let’s be direct here the part ‘to let people communicate anywhere in the world without barriers‘ is quite sincere, there is no hiatus on KNOWING who is speaking to who, do they?

Those are merely two basic parts that are ignored and they are open and for sale, places like NSO technology fixed their views on getting to those parts of the equation for their customer. Basically Facebook and WhatsApp let them, that is the part you remain ignorant about and that is why it is happening again and again.

You did not think it was going to be easy did ya!

All these issues would fall away when the stage for secure apps would actually be secure, that is the one part that would stop a lot of this and with smaller apps it will happen, when the app comes to a size of distribution where a few hundred million users will be using it, the need for a secure app will be out in the open, well over a dozen of these apps are out in the open and there is no solution, not until that changes and if it were up to the politicians it will never change, because they need that data too.

So if you want a secure App, you will just have to stop using the one you have until they make a secure edition of the App, now there are a whole range of ideas on how that will be, for example that App will not be free, or in case of Facebook where data is their brainchild, they will figure something out, but until they do none of your data is allowed to be secure.

Doubt my words?

Consider that three programmers were at the foundation of NSO Technology Niv Carmi, Omri Lavie, and Shalev Hulio figured out what internal programmers clearly knew but did not stop to realise and these three founded software to combat terror and crime, Three programmers could see what the 150+ programmers could clearly see in the halls of Facebook and WhatsApp and now we see “the lawsuit described the alleged attacks as an “unmistakeable pattern of abuse” that violated US law” instead of the question: “How was this possible in the first place?”

The need to be able to answer that question will reside far and wide in the scope of software developers, it will reside far and wide in the heads of those using these solutions, but not as much in the heads of the developers or the politicians, they know what was there, they knew what was for sale. And in all this the brief reads “More than a dozen pro-democracy activists, journalists and academics have spoken out after WhatsApp privately warned them they had allegedly been the victims of cyber-attacks designed to secretly infiltrate their mobile phones” and no one wonders why there are no politicians on that list? Or perhaps they are the ‘academics’ in all this.

In all this and no one is asking the question ‘Why was the weakness there to begin with?‘ and in all this the entire how come that the pattern of abuse is the one violating US Law and the weakness in the software is not?

Consider that for a moment! #JustSaying

Filed under IT, Law, Media, Politics, Science