
Enabling crime

Thursday brought an unsettling situation to light, unsettling to some at least. You see, the article ‘UK police to lose phone and web data search authorisation powers’ is very one-sided. At https://www.theguardian.com/technology/2017/nov/30/police-to-lose-phone-and-web-data-search-authorisation-powers we read “Senior police officers are to lose the power to self-authorise access to personal phone and web browsing records”, and as it ends with “an attempt to comply with a European court ruling on Britain’s mass surveillance powers”, this merely fuels my stance for Brexit. Yet it is not that simple. While people are shouting and screaming about what they are allowed, what their rights are, and how much privacy they need, I stopped caring and worrying. Consider the following parts:

‘SS7 hack explained’ (at https://www.theguardian.com/technology/2016/apr/19/ss7-hack-explained-mobile-phone-vulnerability-snooping-texts-calls), from 2016.

Here we read “Hackers can read text messages, listen to phone calls and track mobile phone users’ locations with just the knowledge of their phone number using ‘a vulnerability’ in the worldwide mobile phone network infrastructure”. We hear that something was done; it is described as “Since the exposure of security holes within the SS7 system, certain bodies, including the mobile phone operators’ trade association, the GSMA, have set up a series of services that monitor the networks, looking for intrusions or abuse of the signalling system”. So guess what: it was never solved. It is merely monitored, and the moment that monitoring is tweaked, organised crime has full access to you. This is only the first piece of evidence that European laws have been enabling criminals and organised crime.

And with the quote “Reportedly, recent security testing of SS7 by an operator in Luxembourg took Norway’s largest network operator offline for over three hours due to an ‘unexpected external SS7 event’” we see clear evidence that the criminals are winning. I wonder if those extremely highly paid judges are considering that, because their claim that “mass harvesting of personal communications data could only be considered lawful if accompanied by strong safeguards including judicial or independent authorisation and only with the objective of fighting serious crime including terrorism” has no hold on criminals, as they are in it for the money, not terrorism.

So even as the Guardian correctly puts the danger in proportion with “given the billions of mobile phone users across the globe, is small”, these criminals are learning, and learning really fast. A victim’s contact book shows them who is connected to important people (for example addresses @RBS.co.uk or @natixis.fr); that list goes on for a while as the contacts line up, and the tally shows that the value of that person goes up by a lot. And let’s not forget that this level of data mining can be done on most ordinary computers. So as they seek data and download dumps for later, 99% gets washed and 1% is kept on the computer. I reckon that 99% gets burned to discs for later use and verification. Lorenzo Franceschi-Bicchierai gave warning in an article on May 4th 2016 (at https://motherboard.vice.com/en_us/article/mg7bd4/how-a-hacker-can-take-over-your-life-by-hijacking-your-phone-number), where we read “In 2014, UK authorities warned that criminals were taking over victim’s cell phone numbers and using them to get into the victim’s bank accounts. Now, a social engineering expert is warning that taking control of someone’s phone number is easier than previously thought, thanks to a code normally made of three letters and six numbers called the Porting Authorisation Code, or PAC”; the consequence is given as “De Vere was simply testing this on numbers he owned, but if he had been a criminal taking over other people’s phone numbers, he could have done real damage. Once in control of the numbers, he said, he could’ve use it to approve bank transactions with SMS notifications, bypass two-factor authentication on online accounts such as Gmail, and do other types of fraud”, and that was three years ago. So how many operators have increased their levels of security since?
When I designed the initial solution for the UK NHS issues, the largest issue I had was to contemplate a new level of non-repudiation: that person and only that person could have requested the medication for a patient. It is that part that gave me an insight into just how casual online banking security is, and this has seemingly been the case for over three years now.
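The non-repudiation the paragraphs above call for, as an added illustration (not code from the original post or from any bank): the customer’s enrolled device signs the exact transaction with a key that never leaves it, and the bank verifies against the public key recorded at enrolment, so someone who has ported the phone number away and now receives the SMS codes still cannot produce a valid approval. The account, payee and nonce values are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Approval is what the customer's enrolled device signs. The bank keeps the device's
// public key from enrolment; nothing secret travels by SMS, so porting the number away yields nothing that can sign.
type Approval struct {
	Account string `json:"account"`
	Payee   string `json:"payee"`
	Pence   int64  `json:"pence"`
	Nonce   string `json:"nonce"` // bank-issued, single use: a captured signature cannot be replayed
}

// SignApproval runs on the enrolled device, the only holder of priv.
func SignApproval(priv ed25519.PrivateKey, a Approval) []byte {
	msg, _ := json.Marshal(a) // a fixed struct of strings and an int always marshals
	return ed25519.Sign(priv, msg)
}

// VerifyApproval runs at the bank: a valid signature proves the enrolled device,
// and only it, approved exactly these fields (non-repudiation).
func VerifyApproval(pub ed25519.PublicKey, a Approval, sig []byte) bool {
	msg, _ := json.Marshal(a)
	return ed25519.Verify(pub, msg, sig)
}

// Scenario uses constructed data: a genuine approval, the same one with the payee
// altered in transit, and one signed by an attacker holding the number but not the key.
func Scenario() (genuine, tampered, forged bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)   // enrolled device key pair
	_, attacker, _ := ed25519.GenerateKey(rand.Reader) // attacker's own key pair
	a := Approval{Account: "12345678", Payee: "GB00TEST0000000000000000", Pence: 250000, Nonce: "n-0001"}
	sig := SignApproval(priv, a)
	genuine = VerifyApproval(pub, a, sig)
	altered := a
	altered.Payee = "GB00MULE0000000000000000" // changed after signing
	tampered = VerifyApproval(pub, altered, sig)
	forged = VerifyApproval(pub, a, SignApproval(attacker, a))
	return genuine, tampered, forged
}

func main() {
	g, t, f := Scenario()
	fmt.Printf("genuine=%v tampered=%v forged=%v\n", g, t, f) // genuine=true tampered=false forged=false
}
```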

I do believe that security is on the mind of every bank, yet absolute security is an illusion, so they resorted to the bank vault principle: they started to design time-based security. When you know that burning through a bank vault takes 12 hours, you merely need to walk past it every hour to keep it secure. Even with sensors and other measures, bank robberies never stopped; they merely became very rare, or better stated, extremely rarely successful. Online the same efforts are pushed, yet the same issue stays. Now it can be attempted every nanosecond by billions; the banks consider that and see the effort as working because only a few ever get through. Yet the end is not near, as given by CNBC (at https://www.cnbc.com/2017/02/01/consumers-lost-more-than-16b-to-fraud-and-identity-theft-last-year.html). Here we read “15.4 million consumers were victims of identity theft or fraud last year, according to a new report from Javelin Strategy & Research. That’s up 16 percent from 2015”, so even as the bank is not all in this, we see in equal measure “Card-not-present fraud — transactions made online or via phone where the cardholder does not need to present the physical card to complete the purchase — jumped the most, increasing 40 percent compared to 2015”, which implies 40% more successful actions. This gives us “In all, thieves stole $16 billion, the report found — nearly $1 billion more than in 2015”. That is just the acts of cyber criminals out for cash. The more organised peers are collecting data for other needs: insider trading data, options to make large cash drops from intelligence. That is the game that does not bring $16 billion; that is the stuff that brings 1000% more, yes, ten times more than current. The issue of non-repudiation could solve part of that, but the banks suddenly become all about ‘customer care’ and not being a hassle, because their flood of business comes from casual use with no extra effort required.
Their existence is built on that, and ‘non-repudiation’ is a toxic thought for their KPIs and bonus needs. Even the trivial “thanks to fraud protections governing credit and debit cards. The mean cost to the consumer was just $48, down from $56, according to the report” misses the point: it is not the $48 that matters, it is the fact that your data is out there. When that is flagged, the highly paid job you want will be forever out of your reach, because your data is out there. And now we see “We warned the government from the start that the authoritarian surveillance powers in the Investigatory Powers Act were unlawful. It should be a source of deep embarrassment that, less than a year after it passed, ministers have had to launch a public consultation asking for help to make it comply with people’s basic rights.” From an ideological point of view I would side with Silkie Carlo, Liberty’s senior advocacy officer, yet the other side in me stops this. If the cyber world is a prison, then you gave the prisoners the keys and made the prison staff vacate the building, and these advocates are stating that the prisoners are still in that prison and the doors are watched. But these prisoners can casually go past every wall, tunnel and high rope out of the building, never needing the front door, and everyone is now in the dark on what is actually happening in that prison. We did not merely lose oversight, we lost sight and visibility of what is going on, and that is the most dangerous of situations: that is when people forget that by blocking the government and openly giving this all to criminals they are merely shooting themselves in the foot, while demanding that the NHS pay for all the needs, medication and staffing to keep them ‘active’. So as the ‘snooper laws’ are altered, the people are forgetting one part that the article is hiding from them.
You see, there is truth in “Restricting the use of communications data to investigations of serious crime but using an offence carrying a six-month prison sentence rather than the usual three-year threshold so that offences such as stalking and grooming are not excluded”. Even so, those who facilitate these criminals by selling them other items like routers and computers are now out of the race; they are safe, and that changes things, because finding those stalkers, paedophiles and groomers just became a lot harder. It will take longer to find them and to collect enough evidence to make a case against them. At that point, remember that the altered snooping laws just gave those roaches 3 times the span to do damage, and 300% more damage to the number of victims.

Yet that casual usage also comes at other prices. As reported by CNBC, quoting Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse: “Third-party budgeting apps, like Prosper Daily and Mint, also flag unusual spending and suspicious charges. Keep tabs on your credit report for new inquiries or accounts opened in your name, said Stephens. Free sites such as CreditKarma and CreditSesame offer free monitoring, and you can also pull reports from AnnualCreditReport.com. Pay attention to any changes in your credit score, too. ‘A significant shift in your credit score might be a heads up that there’s something wrong with your credit report,’ he said”. So now we have to keep tabs on things we never needed to keep tabs on before; how is that any better? It might not be an issue for 80% of the people, but the 20% that end up getting hit will be in deeper water, deeper than ever before.

That is a part we do not see, and matters will get worse with the upholding of this bullet point on the European ideological agenda. It was a nice-to-have in an economy of plenty, but those times are forever over and the rule of land and law seems to be shifting. The question becomes: in what direction do you want to see it shift? Into a direction where every household will be required to have some kind of cyber insurance? How much will that set you back? And when you decide not to take it, what will the cost be when you lose a lot more than the inventory of your house because you were in Barbados or St. John’s? It gets even worse when one of your litter (I think you call them children) decides to Facebook their friends, showing off their new fashion or cool item conquest. What happens when the insurance does not cover the house damage because everyone apparently knew you were out of the country?

That is less and less speculation; “Posting pictures of your holiday on social media could leave you open to being burgled – and have an insurance claim invalidated” is becoming a reality. You see, the insurance companies phrase it as ‘contents insurance limits the number of consecutive days your home can be unoccupied without invalidating your cover’, and apparently it is already in place in some places. This issue has been in the limelight for well over 2 years now, and many insurers also ‘expect you to take “reasonable care” when it comes to security’. The ambiguity of that goes beyond closed windows and locks; it actually includes you bragging on Instagram that you got lucky and ended up blissfully satisfied 2,000 miles from home.

All these issues are now coming more and more to the surface, and you do not get to blame the police for that: you yourself voted to give away the keys and limit the options the police had to stop cyber-crime. It was all connected; you were merely unwilling to see that floodlight, and very soon you will see the impact around you. In a world that depends more and more on a credit score, on online-savvy actions and on knowing who you divulge information to, you decided to give it all to the criminals out there whilst stopping the police, all in the same action. So in all this we watch whilst we blame the police and enable cybercrime with our thumbs as we dabble statements through a non-upgraded smartphone. That too is important, because by the end of this year (more likely Q1 2018) over 15% of the smartphones currently in use (Android phones) will no longer be patched or updated, meaning that at that point we are all open to new forms of attack, bigger and aimed at a much larger audience. You can read more about that in Tom’s Guide (at https://www.tomsguide.com/us/old-phones-unsafe,news-24846.html). Yet do not worry, the police will be there.

Oh, they won’t be, you stopped that from happening too. Well, good luck to you!
