Tag Archives: Sir Iain Robert Lobban

Enabling cybercrime!

Yes, we are all in the unintentional habit of enabling cybercrime. Yet what complications do we face when the one enabling it is not you, me or Joe Worker, but Microsoft or Apple? Where do we stand when we are confronted by companies so driven by what I consider the useless drive of greed through Marketing, whilst ignoring the technical support department? Do not claim that it does not happen, because I have been witness to such events (though not personally at Microsoft or Apple).

It did not just start with the affair of the 101 nude celebrities, yet that affair is at the core of the visibility it drives. It is not about the push by so many to get forced towards Google Search and Facebook Messenger either, but that is definitely the debatable event pushing the worry, fear and, quite honestly, the total distrust of the greed and marketability that is overtaking what some seem to laughingly refer to as ‘technological improvements’.

In this age, we see a growing drive for ease and ‘comfort’, yet a lot seems to be enabling cybercrime and exploitation.

We got the ‘Fear Google’ event, and the expose with a non-dressed Jennifer Lawrence has been cancelled (at http://www.independent.co.uk/news/people/jennifer-lawrence-and-kate-upton-nude-photos-exhibition-cancelled-after-artist-finally-concedes-the-images-were-stolen-property-9723751.html).

Perhaps I am too much of a cynic, but regarding the text “Though not, says the artist behind it, due to legal reasons. But instead because he’s had a moral change of heart”, how about the truth (as I consider it to be): ‘the pressure from Jennifer Lawrence has given my expose ALL the publicity I needed’? That seems more honest. Also, the fact that her lawyer is Lawrence Shire, especially if he is the Shire of Grubman Shire, might have taken away whatever courage he thought he had to continue. I leave it up to the reader to form their own mind.

Yet this is not about that, but it could be.

Consider the following issue, which I witnessed myself today. The setting is simple. She uses her smartphone and for the most part never uses Skype. Yet she has a Skype account on her notebook. She needed Skype on her mobile, which was easy enough to install, yet after installing it we lost 4 hours and half a dozen attempts trying to reset her password.

[Image: Skype1 (diagram of the Skype password-reset loop described below)]

  1. We enter Skype.
  2. Password lost, which means another browser.
  3. We enter mail details.
  4. We use the received code to enter a new password.
  5. We go to Skype, yet the linked identity does not work.
  6. We start again from step 2.

As you can see in the diagram, for some reason the Skype name and the Android Skype are not updated or linked. Even as a technologist it took me a while to see through this, and Microsoft is not much help either. If we consider that I had dozens of attempts without any repercussions, how long until someone starts trying to get into the account of someone who actually matters?
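The missing control in the story above, dozens of reset attempts with no repercussions, is normally handled by throttling reset requests per account and per requesting client inside a sliding time window and recording a security event once a threshold is crossed. The following is an added example written for this page; it is not Skype's, Microsoft's or any vendor's code, and the window length, the limits, the account names, the client addresses and the sample event streams are all constructed assumptions.

```python
"""Added example: sliding-window throttling of password-reset requests.

Illustrative code for this page, not any vendor's implementation. The policy
values below are assumptions chosen to show the mechanism.
"""
from collections import defaultdict, deque

# Assumed policy: within any 1-hour window, at most 5 reset requests per
# account and at most 20 per client (e.g. source address). Beyond that the
# request is refused and a security event is recorded for follow-up.
WINDOW_SECONDS = 3600
MAX_PER_ACCOUNT = 5
MAX_PER_CLIENT = 20


class ResetThrottle:
    """Keeps per-account and per-client timestamps of reset requests."""

    def __init__(self, window=WINDOW_SECONDS,
                 max_account=MAX_PER_ACCOUNT, max_client=MAX_PER_CLIENT):
        self.window = window
        self.max_account = max_account
        self.max_client = max_client
        self._by_account = defaultdict(deque)   # account -> request times
        self._by_client = defaultdict(deque)    # client  -> request times
        self.alerts = []                        # (kind, account, client, time)

    def _prune(self, q, now):
        # Drop timestamps that have fallen out of the sliding window.
        while q and now - q[0] >= self.window:
            q.popleft()

    def request(self, account, client, now):
        """Decide one reset request. Returns (allowed, reason).

        Refused requests are still recorded, so a flood keeps counting
        against both keys instead of resetting the counters."""
        acc = self._by_account[account]
        cli = self._by_client[client]
        self._prune(acc, now)
        self._prune(cli, now)
        acc.append(now)
        cli.append(now)
        if len(acc) > self.max_account:
            self.alerts.append(("account_reset_flood", account, client, now))
            return False, "too many reset requests for this account"
        if len(cli) > self.max_client:
            self.alerts.append(("client_reset_flood", account, client, now))
            return False, "too many reset requests from this client"
        return True, "ok"


def replay(events, throttle=None):
    """Run (timestamp, account, client) events through a throttle and
    return (allowed_count, refused_count, alerts)."""
    throttle = throttle if throttle is not None else ResetThrottle()
    allowed = refused = 0
    for ts, account, client in sorted(events):
        ok, _ = throttle.request(account, client, ts)
        if ok:
            allowed += 1
        else:
            refused += 1
    return allowed, refused, list(throttle.alerts)


# Constructed sample traffic (not real data). Timestamps are seconds.
# A legitimate user retrying the reset six times over four hours.
LEGIT = [(i * 2400, "alice", "198.51.100.7") for i in range(6)]
# One client hammering a single account: 24 requests in ten minutes.
ACCOUNT_FLOOD = [(t, "bob", "203.0.113.9") for t in range(0, 600, 25)]
# One client spraying 25 different accounts once each in 25 seconds.
CLIENT_FLOOD = [(t, f"user{t:02d}", "203.0.113.10") for t in range(25)]

if __name__ == "__main__":
    for name, events in (("legitimate retries", LEGIT),
                         ("one-account flood", ACCOUNT_FLOOD),
                         ("many-account flood", CLIENT_FLOOD)):
        allowed, refused, alerts = replay(events)
        print(f"{name}: allowed={allowed} refused={refused} "
              f"alerts={len(alerts)}")
```

The legitimate retries all pass because they never exceed two requests in any one-hour window, while the single-account flood is cut off after the fifth request and the account-spraying client after its twentieth; in both cases the recorded alerts are what an operations team would act on, and what the author's dozens of unanswered attempts should have produced.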

The issue I showed two days ago (at http://thenextweb.com/apple/2014/09/01/this-could-be-the-apple-icloud-flaw-that-led-to-celebrity-photos-being-leaked/) gave some indication of what is going on. Now we see another level on Skype that calls certain matters into question; more importantly, the Android Skype cannot be updated for some reason, so there is even more going on now, especially as the issues surrounding Android Skype seem to have been around since 2012.

This is not the only issue in the works; it seems that Microsoft OneDrive has similar security issues. There we see that you cannot restrict OneDrive to be accessible ONLY from certain devices. With cyber-crime on the rise to this degree, we see another mass collecting point, where the people behind it seem to be dancing to the music of Marketing, and the mere simplistic need of the matter, as a technologist would mention, is not there. It is likely the same kind of answer I heard in the past: “We will get to that in the next edition” or “Let’s get this ‘solution to’ (read: revenue from) the customer first”, solutions where the technologist is not at the centre of it all.

Only AFTER some got to admire Jennifer Lawrence’s chest section do we now see the headline “Apple Says It Will Add New iCloud Security Measures After Celebrity Hack” (at http://bits.blogs.nytimes.com/2014/09/04/apple-says-it-will-add-new-security-measures-after-celebrity-hack/), so is this Marketing waking up, or was IT slamming its fist on the table? Either way, those pushing people and business alike to cloudy places of automatic public revelations should now seriously wake up and smell the intrusion on their networks.

Several of these solutions are still not completely up and running, and the ‘patch’-like solutions in place now are likely no more than a temporary option, whilst the cyber-criminal goes on exploiting other venues of weakness. Let’s not forget that the 101 celebrities list sounds nice, but there are globally at least 399 more women who are beautiful beyond belief, and those not into that kind of information are likely interested in the files of Sir Iain Robert Lobban (GCHQ), Andrew Parker (MI5), John Sawers (MI6). Guess what! They are likely to have very secure solutions in their possession, yet can the same be said for Ewen Stevenson (CFO-RBS) or Simon Henry (CFO Lloyds Banking group)? These people all use solutions for presentations, memos and other items. In some cases they need connections to keep up and running. How long until we see the power of cyber criminals as they influence the market? It just takes one unconfirmed message to make a shift in any direction. If people are scared of what a Lone Wolf can do by blowing up things, think of the damage that disclosed financial events bring. We have seen the smallest of restraint in the press in the case of Jennifer Lawrence (but only by using a super computer and exposing the deeds of the members of the press to the Lyapunov stability algorithm), but is that enough?

There is a growing sense of fear and massive distrust. We have seen it start with Facebook Messenger on the mobile; we have seen some people whisk it all away, yet, not unlike the laughable Sony Troll, as they mentioned the ridiculousness of the changed terms of service from Sony, we have seen too much blatant abuse from the greed-driven data collectors. Now, as trust is gone, more people are starting to wonder why their own local governments aren’t truly looking into it, and they fear the same flaccid indecisiveness from them that they saw when the Financial sector left a large group of the population (not just in America) in utter destitution.

It goes beyond mere ethics; it is an absolute absence of dedication towards consumer protection on the part of the prospering board of directors, which is at the essential fearing heart of many, both wealthy and utterly non-wealthy alike.

This is all getting more and more visibility as we see the growing number of people invoking their ‘right to be forgotten’, yet at the Guardian (at http://www.theguardian.com/technology/2014/sep/10/google-europe-explain-right-forgotten-eric-schmidt-article-29) we see the following quote: “Google is currently conducting a grand tour of Europe, with the ten members of its Advisory Council touring seven cities to gather evidence on the developments in the so-called “right to be forgotten” ruling”. In addition we see “The one thing that everyone agrees about this case is that the label it has been given – the “right to be forgotten” – is a very poor descriptor. More accurately, it is about the right to obscure or suppress personal information”. So is that it, or is there more? Well, consider the absence of any legal obligation on Google to reveal its processes, which renders Google judge, jury, and executioner. Combined with the fact that it is not about forgetting (read: deleting) but about obscuring (read: less easy to find), this will leave an open field for those with better data comprehension. A market where Google is trying to cash in, so instead of everyone finding it, only those paying for certain levels will more easily acquire information. That is not what the ‘right to be forgotten’ was about. Now again we see the press, yet in this case they are not really to blame; however, there is a (sizeable) missing level of clarity on what EXACTLY is requested from more than one side, and this lack of clarity leads to uncertainty, with that leading to nothing getting done. So what is in play?

We know that Google’s fortunes are also linked to data, which means that any additional ‘forget me now’ request impacts the business of Google. Not one, or 5, but consider every postcode in the world and 5-10 requests from each of those to be forgotten; now it becomes a massive task, requiring thousands of people, working thousands of hours, paid from the by then somewhat slimmed-down coffers of Google, whilst at the same time having to hold onto those records for later reasons, likely including journalistic and/or juridical ones. So as we look at all these escalations, Skype, OneDrive and iCloud are not just three identities; they become three entities of threat to the collected data of all, and to the privacy of those who, forgotten or not, are aware of where they kept their information, passwords and snapshots.

This is the view of technology every person needs to start comprehending, because they all forgot that ease and comfort come at a price; they just did not consider the currency that was linked to that price. Some of this can be seen in Lifehacker, which in February 2013 (at http://www.lifehacker.com.au/2013/02/why-cloud-services-are-so-easy-to-hack/) wrote “In most cloud environments, there’s no concept of intrusion detection or prevention, and if they are there people don’t know how to use them”, in itself not that amazing a quote, even though it is a year old and in one year many people tend to not educate themselves that much because of the declining comfort levels. Yet at the end he states a more powerful issue: “This week, I’m in London for Data Centre World, paying particular attention to how to maximise efficiency and lower costs in the data centre”, which is at the heart of my issue. Often these factors involve automation and scripting, which, when it comes to issues like speed and the prominence of reduced cost, tends to leave security in the backdrop. So if you had any reason to fear any of these solutions, then consider one issue: “If all your cloud data became public knowledge at 23:00 and in the 8 hours following you had ZERO control”. Would you be worried? If not, then sleep on and sweet dreams; if the answer is ‘Yes’, then you need to take some serious time and get educated on the risks and the consequences. I cannot answer the question for you, but when was the last time you actually had such a conversation with your IT person, or with the sales engineer of the sales person who sold you the cloud solution?

Data is currency; when it is open knowledge for all, you end up with only goodwill and an empty hard drive, which is valued at the price of the empty hard drive.


Filed under IT, Law, Media, Science

Diary for a wimpy President

It’s Saturday and the news is hitting the Guardian: the news of NSA reforms to end government storage of call data. For those who are stupid enough to think that this is a good thing, I reckon they should think again. The article asks a few questions. Questions I had voiced for some time, and the people behind the screens have been very careful to play a game where they are not just in the place to set conditions; they will determine what will be stored, where it will be stored and how it will be sold. It was the one fear that people needed to have. If you are over 40, it does not matter where on the planet you live. Ask yourself the one question: ‘What if the insurer knew your actual health status?’ How scared are you now? Be afraid! This was on the table for a long time. Quite literally, the structural discontinuation of choice.

So, how do I get from one piece of information to the other one?

Consider the article as it is today (at http://www.theguardian.com/world/2014/jan/17/obama-nsa-reforms-end-storage-americans-call-data)

The first point is “The government will no longer store the phone call information of millions of Americans. But he did not say who should maintain the information, instead giving the intelligence community 60 days to come up with options.”

The next one is “The US government had to be held to a ‘higher standard’ than private corporations that store user data or foreign governments that undertake their own surveillance.” This implies that the higher standard is a hindrance. This is the part that had to be shed. So, like the private contractors in the past, as the intelligence industry ended up with invoices in excess of 175% whilst employing the services of the same people (who all went into business for themselves), we now face a similar change. So, was Edward Snowden a traitor? If the view as I see it is correct, then this implies that he did exactly what was required of him. The question is, was this what the NSA had in mind from the very beginning?

This is where the third quote comes into play: “‘What I did not do is stop these programs wholesale, not only because I felt that they made us more secure, but also because nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens,’ Obama said.”

Yes, he did not stop them wholesale, they are about to become corporate controlled and accessible for all who have the access ticket and the money to pay for the invoice.

There is another part to this. Did anyone consider how nervous certain people on Wall Street were, if their mobile information was known? What if certain links were proven? The accountability of certain people would mean that they could actually end up in jail. Yes, the Wimpy kid in the Oval Office is making certain that certain connections will never end up there (always blame the man at the very top).

Again, another notch in the thought patterns and evidence of what I call ‘the plan’ that was conceived some time ago. So, where is the evidence? If there is no sustainable thought, then this is just conjecture and conspiracy theory. There is already plenty of that on the internet. So, let me take you back and go over the points.

It started last year when I first wrote ‘The Hunchback of the NSA’ on June 11th. It shows the career of Edward Snowden as it has been told by several media outlets. The first part of the evidence was clear for all to see. He claims to be disillusioned with the CIA and joins the NSA. There he gets into the data program at some stage (and no one thought it was a good idea to keep their eyes on him).

On the 23rd of June I wrote ‘Who are the watchers?’; the one linked element here is the quote “Snowden told the Guardian, ‘They [GCHQ] are worse than the US’”. This is part of the issue. You see, whatever the USA decides, once the issues are truly revealed, the cyber units of the allies will be the dangers. The ‘evidence’ seems to be all about how much worse others are. The parade that the Guardian starts pays off, and soon thereafter Sir Iain Robert Lobban, as well as his peers at five and six, end up in a public interview seat. The article he wrote, ‘Countering the cyber threat to business’ (at http://www.gchq.gov.uk/press_and_media/news_and_features/Documents/directors_IoD_article.pdf), might be seen as an actual indicator that he has been ahead of the pack by miles for some time; by itself it could be seen as a good manifesto to start keeping yourself safe.

There is one quote at the centre of all this: “GCHQ is aware of theft of IP on a massive scale. The volume of attacks on industry continues to be disturbing.” I will get back to this later on; what is important are the three points the director sets out and, more importantly, how they could also be seen.

• Have you identified your organisation’s key information assets and the impact it would have on your organisation if they were compromised or your online services were disrupted?
[Alternative: what data is bankable?]

• Have you clearly identified the key threats to your organisation’s information assets and set an appetite for the associated risks?
[Alternative: what data is accessible?]

• Are you confident that your organisation’s most important information is being properly managed and is safe from cyber threats?
[Alternative: the value management of data you think you own]

The alternatives are not just views I opt for; consider that the data collection field goes into open commercial hands, as it could be presented by March 31st. What are your options to purchase certain buckets of data (which will be shown later on in this article)?

On the 1st of July I wrote ‘Classes of classification’. The two issues here are “So if we consider the digital version, and consider that most intelligence organisations use Security Enhanced Unix servers, then just accessing these documents is pretty much a no-no. EVEN if he had access, there would be a log, and as such there is also a mention if that document was copied in any way. It is not impossible to get a hold of this, but with each document, his chance of getting caught grows quicker and quicker. He did not get caught.” and “It does not matter whether he is the IT guy. The NSA has dozens upon dozens of them, and as such, the fact that he was able to syphon off such a wide area of information (and get it out of the building) is more than just questionable.”

It comes back to getting data out of the NSA. Given that this was done despite their security, can we even allow data in commercial hands, a place where it is all about saving cost? It is opening a field where data is no longer safe in any shape or form; more importantly, the multi-billion dollars of extra costs, as they would be presented down the line, will be far beyond our imagination.

Most of the issues as I set them out were also discussed on October 29th in ‘The Wrong questions’. There my train of thought was “What if Snowden is not the person he claims to be. I still think he is a joke at best, a patsy at worst. What if the leak is NOT a person?”

The issues at play I had got to before, but until now I did not consider that this all might have been about the commercialisation of a multi-billion dollar industry. The reason is that it could cost America well over 20% more to get someone else to do it, so selling data would be an implied consequence to keep the cost down for the US treasury.

Now we get to the last part of the equation, from my article on November 22nd called ‘Ignoring corporate dangers’.

There I reported on “2009 National Intelligence: A Consumer’s Guide”, where on page 52 it states “The Act specifies that OIA shall be responsible for the receipt, analysis, collation, and dissemination of foreign intelligence and foreign counterintelligence information related to the operation and responsibilities of the Department of the Treasury.”

The article shows more, and it shows the direct link between the treasury and the need for a commercial future through data. I mentioned earlier about buying a bucket of data? Well, here you have it. The issue is shown with links in the articles to official government documents. They all have one thing in common: when it all changes into non-government hands, their mandates would not change. However, the list of those who will be able to get access to the data will change by a lot. They only need to pay the invoice, which might end up being like buying data files from a chamber of commerce or a statistical data bureau; it will, however, have a lot more data.

Here we get to the question I promised to answer earlier: the issue of IP theft on a massive scale! I am not stating that someone’s server is getting emptied from the outside, but consider knowing who is where and how their situation is. There is an interesting read at http://www.mcgrathnicol.com/news/Documents/011211_Inhouse Counsel_Unearthing the Electronic Evidence.pdf. It does not just show how relatively easy it often is to get IP-valued information; the data collection, once commercialised, could give competitors information on the players who are at the centre of new intellectual property.

So, now we get to that question I asked in the beginning: ‘What if the insurer knew your actual health status?’ That is no longer a question. The information could be buried in the mega amounts of data that have been collected in so many ways. When the data is no longer in government hands, it could become available. So, when your premium goes up by +20%, be sure to thank those people claiming that the government could not be trusted; they opened the door ending many of our freedoms of choice.


Filed under Finance, IT, Law, Media, Politics

The Data Intelligence bill

The events that occurred in Woolwich have sparked more than just one debate. The new debate involves the additional powers that Home Secretary May wants to hand to the intelligence branch. It involves a data bill that was vetoed by Deputy Prime Minister Nick Clegg. He stated that it was too much of an invasion of privacy.

Is he correct?

Initially I would side with that part. Yet, you cannot have it both ways. There is a plain and simple need to keep England’s citizens safe from radicalised attacks. The issue of home-grown terrorism had been an issue going back to Sir Jonathan Evans’ reign at MI-5. He was more than just a little concerned with outside influences on the British way of life. This now falls firmly on the shoulders of both Andrew Parker, who is well aware of the issues as well as the needed response, and Sir Iain Robert Lobban of GCHQ. As this is signals intelligence, it falls in his lap, as the data would be needed for MI-5, MI-6 and some parts of local law enforcement.

I would think that part of this bill will start with Lord Carlile. His involvement in this goes back to the Terrorism Act of 2000. Current issues are ‘tainted’ by two reports, and as such they both are important. First there is the National Council of Civil Liberties, which drafted a response to the definition of terrorism, which seems to have been the work of Gareth Crossman and Jago Russel. You should take a look at it (source: http://www.liberty-human-rights.org.uk/pdfs/policy06/response-to-carlile-review-of-terrorism-definition.pdf). It is an interesting work, and it is important to read how they see this all. Part of the weakness is the approach on page 3, where they state: “It is vital that the definition of ‘terrorism’ is drawn as tightly as possible”. It is a decent stance to have, yet in the light of fear of home-grown/lone-wolf terrorism it is actually counterproductive. Terrorism is a shifty acre of quicksand, and the strict approach is not only going to fail, it will drown the people involved in stopping it. Not a good thing, me thinks!

I feel uncertain about point 6 they make on page 5. Yes, they do state that it is outside the scope of the document, and as such they only raise the comments made that terrorism should be dealt with under criminal law. Here is where I might be the dissenting voice. The law should cover all, I do believe in that; however, what part of law? We are dealing with a group that does not seem to be categorised as such. These people are not transgressing in a way where we approach a normal person, or even the average person. Whilst we approach these transgressors in one way or another, even when, if possible, their defence starts going into the Mental Health Act, we will see a case where the court is drawn into years of litigation and dealing with a case that should be seen as a non-combatant involved in hostile military actions against civilians with no allegiance to any nation, and as such it becomes a mess where each case locks down the justice system more and more. Consider the American situation (Foreign Intelligence Surveillance Act). This comes from a special report by their Justice Department, stated in June 2005.

“This allowed the use of FISA information in a criminal case provided that the ‘primary purpose’ of the FISA surveillance or search was to collect foreign intelligence information rather than to conduct a criminal investigation or prosecution. The seminal court decision applying this standard to information collected in intelligence cases was issued in 1980. See United States v. Truong Dinh Hung, 629 F.2d 908 (4th Cir. 1980). In this case, the Fourth Circuit Court of Appeals ruled the government did not have to obtain a criminal warrant when ‘the object of the search or the surveillance is a foreign power, its agents or collaborators,’ and ‘the surveillance is conducted primarily for foreign intelligence purposes.’ Id. at 915. However, the court ruled that the government’s primary purpose in conducting an intelligence investigation could be called into question when prosecutors had begun to assemble a prosecution and had led or taken on a central role in the investigation.”

This shows that the narrowness of the scope would be the obstacle we should be trying to prevent. The issue is NOT our privacy at that point; it is all about them having access to go after the right people. This requires them to blanket us with collection of data. Even though the data is all collected, it will turn out that 99.9% might never be accessed. Having it is, however, essential for their success in stopping terrorist attacks. So when the Sky News UK reporter Stephen Douglas mentioned “are they playing politics with fear”, he is, in my humble opinion, incorrect. This data bill has been needed for a long time. It can even be safely speculated that MI-5 could have intervened with the Kenyan involved in the Woolwich murder at an earlier stage, as more flags would have been raised. Their interview with him would have led to other questions, confirmations of danger. That seems not to have happened at this stage.

So from the civil liberty document we move to document cm7058 from June 2007, which holds “The Government Reply to the Report by Lord Carlile of Berriew Q.C. Independent Reviewer of Terrorism Legislation The Definition of Terrorism” (source: http://www.official-documents.gov.uk/document/cm70/7058/7058.pdf). My issue is with point 5 on page 5: idiosyncratic terrorism imitators should generally be dealt with under non-terrorism criminal law. This is the point that shows the need for the data bill. Especially when we consider lone-wolf or home-grown terrorists, there will be the issue of whether the person was a mental health wannabe, or a more intelligent individual being allowed a second go at harming groups of people after civil rights protected him the first time.

So even if we want to give strength to both Nick Clegg and the National Council of Civil Liberties, they are there speaking out to protect your rights. Yet, in that process, they are giving strength and freedom to terrorist attacks like the one in Woolwich (not intentionally). This issue is like a seesaw. These two viewpoints are utterly opposing, and as we give power to one, we remove it from the other. The interesting part is that the information we surrender will not harm us unless we support terrorism. Should that not convince you, then please remember that you have already given away your privacy to most market research and financial institution data centres. They only want your money, or, in a product-driven way, to bank you. The intelligence community wants to keep you safe. In my mind, there is no debate. The data bill is likely to come and should be there, if only to prevent a second Woolwich.


Filed under Law, Media, Politics