Tag Archives: Sony Hack

Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force, in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back, to be a little more precise we need to turn to the moment 645 days ago when we read that Sony got hacked, it got hacked by none other than North Korea. It took me around an hour to stop laughing, the stomach cramps from laughter are still on my mind when I think back to that day. By the way, apart from me having degrees in this field. People a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse. The list of sceptics as well as prominent names from the actual hacking world, they all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions“. I am pretty sure that the FBI did not expect that this would bite them down the track. This all whilst they rejected the alternate hack theory that Cyber Intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more possible then the claim that some made. Another claim to have a giggle at came from Homeland Security, the quote was “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life“, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons. The Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data). The subtitle gives us “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile worldly infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“, you see, here we see part of the fun that will now escalate.

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this, take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When  the accused nation has 28 websites, it is, I agree not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North-Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear given that the cyber branch of your organisations are not up to scrap. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting and learn a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that due to North Korean ‘expertise’, plenty of people will be asking questions. The time requirement to get the data that got taken was not something that happened overnight. For the simple reason that that much data would have lit up an internet backbone and ever log alarm would have been ringing. The statement that the FBI made “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government” was laughable because of those pictures where we saw the Korean high-command behind a desktop system with a North Korean President sitting behind what is a mere desktop that has the computation equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull of the Sony caper you need stimulation, like a student would get at places like MIT, Stanford, or UTS. Peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have hardware and challenging people and equipment that could offer it, but North Korea does not have any of that. The entire visibility as you would see from those 28 domains would have required to be of much higher sophistication. You see, for a hacker, there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when in 2012 in Pyongyang I believe, a press bus took a wrong turn. When some reporters mentioned on how a North Korean (military I believe) had no clue on smartphones. I remember seeing it on the Dutch NOS News program. The level of interaction and ignorance within a military structure could not be maintained as such the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing, the fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to on the wrongful domain settings, which is essential in regards to the entire hacking side. The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this last but not least to those who prototype hacking solutions, as they need serious bandwidth to test how invisible they are (especially regarding streaming of Terabytes of Sony data), all these issues are surfacing from this mere article that the Guardian might have placed for entertainment value to news, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog ““It’s important to note this isn’t the domain name system for the internal intranet,” Williams wrote. “That isn’t accessible from the internet in any way.”” which is true to some extent. In that case take a look to the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds“, yes, I agree you do not get that much info from that, but it gives us to some extent usage, you see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings on intranet level have been missed, giving the ‘visitor’ options to a lot more information than most would expect. Another matter that the press missed (a few times), no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/), data needs to get from point to point, usually via a router, so the routers before it gets to North Korea, what were those addresses, how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. The fact that in January 2015 Sony gave the following statement “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“, I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server, to monitor all data traffic, giving indication that not only a weird way was used to get to the data (I speculated on an option that required it to be an inside job), yet more important, the fact that access had not been identified, meaning it was secured gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘ if threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get the threats to be a true unknown. That is at play then and it is still now. So if servers were compromised, Sony would need a better monitoring system. It’s my personal belief (and highly speculative) that Sony, like many other large companies have been cutting corners so certain checks and balances are not there, which makes a little sense in case of Sony with all those new expansions corners were possibly cut and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing exactly as incapable as I thought it was and there is a score of Cyber specialists, many of them a lot bigger then I will ever become stating the same. I am not convinced it was that simple to begin with, for one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, yet the expert levels were not on par so plenty of data would have been in danger of breaching. The question I had then and have now a lot louder is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be“. That is now truly a question that matters! Because if there is any truth to that speculation, than the question becomes how secure is your personal data an how unaware are the system controllers of those cloud servers? The question not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’ who can be trusted to get the people properly informed? Over the next days as we see how one element (the 28 sites) give more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their Cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea, especially in light of the official response towards cyber security firm Norse what was going on.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites are no indication of Intranet or cybersecurity skills, they are indicative, when a nation has less websites than some third world villages, or their schools have. It is time to ask a few very serious questions, because skills only remain so through training and the infrastructure to test and to train incursions on a WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation, it makes even less sense.

Finally one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘the Interview’ to become a complete flop. You know that movie that ran in the US in 581 theatres and made globally $11,305,175 (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?

 

Leave a comment

Filed under IT, Media, Military, Politics, Science

In reference to the router

Is this a case of Mythopoeia? Am I the JRR Tolkien of bloggers (I wish) and writer of facts by a non-journalist? It might be. You see, this is all about a mythological theme that is constant as war is, because war never changes! Its concept and construct is as old as the first ‘soldier’ who combined a flint and a stick and started to spear people. In this mindset it is all about the other person, an archaic approach to the issue that does not lie beneath, it’s in front of the person not seeing what is right in front of him/her.

It is also the first evidence that we consider the concept ‘old soldier never die, they simply fade away’ to be no longer a genuine consideration. In this day and age, the old soldier gets his/her references deleted from the database of considerations. We remain with nothing more than an old person that cannot connect or interact, the router won’t let him/her!

This is how it begins, this is about certain events that just occurred, but I will specify this momentarily, you see, it goes back to an issue that Sony remembers rather well they got hacked. It was a long and hard task to get into that place Login=BigBossKazuoHirai; Password=WhereDreamsComeTrue;

Soon thereafter no more firewall, no more routers, just the bliss of cloud servers and data, so much data! The people behind it were clever, and soon it was gone and the blame fell to the one nation that does not even have the bandwidth to get 10% past anything. Yes, North Korea got blamed and got fingered and in all that the FBI and other spokespeople gave the notion that it was North Korea. The people who understand the world of data know better, it was the only player less then least likely to get it done, the knowhow and the infrastructure just isn’t there. I did have a theory on how it was done and I published that on February 8th 2015 (at https://lawlordtobe.com/2015/02/08/the-next-cyber-wave/) in the article called ‘The next cyber wave’. It is only a theory, but it is a lot more reliable and likely than a North Korean incursion because of a movie no one cares about.

The FBI has plenty of achievements (FIFA being the latest one), but within the FBI there is a weakness, not a failing, but a weakness. Because the US has such a niche setup for NSA, CIA and other Intel officers, their offices are for the most still archaic when it come to the digital era. They go to all the events, spend millions on courses and keep up to date, but for the most, these people are following a wave that is one generation old, they follow, they do not lead. The entire Edward Snowden issue is clear evidence. I remain to regard him a joke, not a hacker, so far he is just placed on a pedestal by the press, who have created something unreal and whatever they do not to change it, it will only cut themselves. That is the fall-back of creating an artificial hero who isn’t one.

Yet, this is not about Snowden, he is only an element. Now we get to the concept of paleo-philosophy and how it hits government structures behind IT. This all started yesterday (at http://www.theguardian.com/technology/2015/jun/04/us-government-massive-data-breach-employee-records-security-clearances), where we see ‘OPM hack: China blamed for massive breach of US government data’. Now first of all, if one power can do this, than it is China! France, UK and a few others can do it too, but let’s just assume it is not an ally! Here is where the entire paleo-philosophy comes into play. You see, even though war remained constant, the players changed and for the most, it is no longer about governments. This is all about corporations. Even the movies are catching on, there is no true side to Russia or China as the enemy. Yes, their students might do it to impress their superiors/professors, but that would just be there defining moment. Ethan Hunt is not hunting a nation, it is now hunting conglomerates, large players who remain and require to be zero percent taxable. Those are the actual ream enemies for the UK, the US and China. You see, I am not stating it was not China, I am only questioning the reasoning and other acts. You see, I tried to get an answer from State Secretary John Kerry at +1-202-647-9572, who does not seem to be answering the phone, neither is his right hand man, Jonathan J. Finer at +1-7234 202-647-8633. This is not a secret, the State Department has the PDF with office numbers, locations and phone numbers in an open PDF and you can Google the little sucker! In the age where loads of stuff is open the right person can combine tonnes of data in a moment’s notice.

So can the larger players! The quote in the beginning is the kicker “the impact of a massive data breach involving the agency that handles security clearances and US government employee records“, you see loads of this information is already with intelligence parts and counter parts. I reckon Beijing and Moscow had updated the records within the hour that the next record keeper moved into the office. Yet, now in 2015, as the engine starts up for the presidential elections of 2016, that data is important to plenty of non-governments, that part is not seen anywhere is it?

Then we get “A US law enforcement source told the Reuters news agency on Thursday night that a ‘foreign entity or government’ was believed to be behind the attack“, which is fair enough, so how was the jump made to China? You see, only 5 weeks ago, the Financial Review gave us “US Treasury pressures Tony Abbott to drop ‘Google tax’” (at http://www.afr.com/news/policy/tax/us-treasury-pressures-tony-abbott-to-drop-google-tax-20150428-1mu2sg). So as the Obama administration ‘vowed’ to crackdown on Tax avoidance, they are really not the player who wants to do anything to upset those luscious donators of pieces of currency paper (loads of currency paper), so a mere 6 months later the US, is trying to undo what they promised, whilst still trying to push the TPP papers through the throats of consumers everywhere, what an interesting web we weave!

You see, for the large corporation that list of who has access to papers, and his/her situation is worth gold today, for the Chinese a lot less so. Yet, I am not writing China off as a possible culprit! Let’s face it, they are not North Korea, which means that they do not need to power their router with a Philips 7424 Generator! So at this point, I would tend to agree with Chinese foreign ministry spokesman Hong Lei who branded the accusations “irresponsible and unscientific” at a news briefing on Friday.

Now we get to the quote that is central to the entire paleo-philosophy matters: “DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion”, first of all, I am not having a go at the DHS. I have done so in the past with good reason, but this is not that case. I think that in many areas government in not just falling behind, it started to fall behind in 2005 and has been falling behind ever since. Not just them though, organised large corporations like Sony, CVS Health, Valero Energy and Express Scripts Holding are only a few of the corporations that do not even realise the predicament they are in. The Deep Web is not just a place or a community, some of the players there have been organising and have been sharing and evolving that what they know. A massive pool of information, because Data is money, governments know it, corporation know it and THE HACKERS know it too. For them it is all relative easy, they have been living and walking the cloud data with the greatest of ease they can conflict data points and flood certain shared data hosts, only to achieve to get behind the corridor and remain invisible whilst the data is available at their leisure. In that environment the intelligence community is still trying to catch up with the basics (compared to where the hackers are). You see, whilst people in corporations and government are all about politics, those hackers were bout mayhem and anarchy, now they are figuring out that these skills get them a wealthy and luxurious lifestyle and they like the idea of not having a degree whilst owning most of Malibu Drive, a 21st century Point Break, where the funds allow them to party all the time. Corporations got them into that thinking mode. So were the culprits ‘merely’ hackers or was it a foreign government? That is the question I am unable to answer with facts, but to point at China being likely is event less assuring. Consider who gains power with that data? This much data can be up for sale, it can be utilised. In the premise of both, China is not unlikely, but what is ‘more likely than not’ is also a matter, even though that question is less easily answered and without evidence (I have none) any answer should not be regarded as reliable!

Now we get to the quote “Embassy spokesman Zhu Haiquan said China had made great efforts to combat cyberattacks and that tracking such events conducted across borders was difficult” it is correct, it matters and it is to the point. In addition, we must accept that trackers can also be set on the wrong path, it is not easy, but it can be done, both the hackers and China have skills there, as do the NSA and GCHQ. Yet, in all that, with the Sony hack still fresh in memory, who did it, which is the interesting question, but WHY is more interesting. We tend to focus on clearances here, but what else was there? What if the OPM has health details? What is the value of health risk analyses of 4 million people? At $10 a month that is a quick and easy half a billion isn’t it?

You see, the final part is seen here: “DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion”, This is to be expected, but the intruders know this too, so how did they get past it all again? That is the issue, I gave in my earlier blog one possible solution, but that could only be done through the inside person, to be clear of that, someone did a similar thing in the cloud, or in the stream of data, in a way that it does not show. Perhaps a mere pressure of data in a shared cloud point is all it took to get past the security. How many data packages are lost? what intel is gained from there, perhaps it is just a pure replication of packages job, there is no proper way to monitor data in transit, not in cloudy conditions, so as we see that more data is ‘breached’ we all must wonder what the data holders, both government and non-government are not ready for. It is the data of you and me that gets ‘sold’ who does it get sold to?

So as we see an article of a data hack and a photo of routers and wiring, which looks geeky and techy, was this in reference to the router? Or perhaps it is in reference to a reality many in charge are not ready to face any day soon, and in light of the upcoming US elections of 2016, some of these politicians definitely do not want to face it before 2017. Like the Google Tax, let the next person fix it!

A preferred political approach that will allow them to lose exclusivity of your data real fast!

 

2 Comments

Filed under Finance, IT, Media, Military, Politics, Science

When you BS the customer

I have had three issues on that matter, all in one week, so I reckon that I am slightly agitated in regards to projected presenters of misinformation with intent (also known as recruiters). If that was not enough, in the tech sector Verizon added to this with the article in the Guardian (at http://www.theguardian.com/technology/2015/apr/14/mobile-malware-report-verizon-smartphone-adnoyance). The article is interesting for more than one reason, so let’s get to it.

The title is a valid question as it states ‘Is mobile malware a lot of fuss over nothing?’, some will say yes, a lot more will say no. Yet, how much of an issue is mobile malware? That is in the end a valid question. Verizon, a telecom provider goes for the ‘adnoyance’ key. They are depending on people relying on a provider as without it there is no phone, but is malware just the annoyance of advertisement? Many, including me are not convinced.

One source http://securityxploded.com/demystifying-android-malware.php, gave us clear goods. The article is very ‘techie’, but also very clear, showing step by step the issue in play.

At step 8, we get the part where we see what is going on: “The application sends an SMS to the premium number 1066185829 with the text 921X1. In the background, it blocks any incoming delivery report from this number so that the victim does not get any response regarding the SMS that the application sends in the background. Also, the SMS is sent only once and never again so that the victim has no suspicion of what caused the SMS charges to be sent to him“, premium numbers are a lot more expensive, which could be around $0.75 for one SMS. Now many will not care, thinking it happened once. So what is the deal? Well, see what it amounts to when it is done a million times. We all funded one criminal $750,000 for being clever. When we go back to the beginning of the article we get “McAfee’s first quarter threat report [Reference 1] stated that with 6 million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history“. Now, not all of them were about money, advertisement annoyance is a chunk here, but the casual air of Verizon becomes slightly offensive, or so it should be when we consider that dozens of creative souls are trying to spike their bank account in this way.

Yet, the one-time loss of $0.75 is not really an issue for the consumers at large, but what is?

Now, I get back at the issue I illustrated a long time ago, when we suddenly got those issues with Facebook messenger. Where you were giving it the right to record Audio. Before I continue, I must be fair to Facebook to and add an article here (at http://www.androidcentral.com/facebook-messenger-permissions-not-scary-stories-might-have-you-believe), it goes over many rights and it does try to suss a few issues (in a good way). There were however a few other issues, mainly connected to Facebook messenger draining the battery in massive ways. My issue here is that if it drains the battery, what is it using the energy for? Just to keep the mobile out of a sleep state?

Gizmodo (at http://gizmodo.com/facebooks-messenger-app-logs-way-more-data-than-you-rea-1633441673) gave us this: “Ever since Facebook first started pushing users over to its standalone messaging app (whether they liked it or not), there have been cries of outrage over what’s seemed like an inordinately large amount of required permissions. And while there’s still no indication that Facebook has any sort of bad intent, the company is collecting a startling cache of data, according to security researcher Jonathan Zdziarski“.

In addition we get “In an email, Zdziarski said that Messenger is logging practically everything a user might do within the app, from what and where they tap, to how often a device is held in portrait versus landscape orientation; even time spent in the Messenger app, versus the time it spends running in the background. …”[Facebook is] using some private APIs I didn’t even know were available inside the sandbox to be able to pull out your WiFi SSID (which could be used to snoop on which WiFi networks you’re connected to) and are even tapping the process list for various information on the device,” he wrote in an email.

Now, like Jonathan Zdziarski, I feel compelled to believe that Facebook is not doing anything wrong or illegal, but they are collecting huge amounts of data, by the way, when this is transmitted, will that be taken of your monthly data allowance? Seems to me that Verizon is downplaying the pressure on the monthly data allowance bill.

Now we get back to Brightcloud, who is giving us ‘Android Malware Exposed‘ (at http://www.brightcloud.com/pdf/Android-Malware-Exposed.pdf). The paper has a part on Spyware. On page 12, they state “Other types of threats are those that spy on you or steal your data. There are a number of apps that are the equivalent to commercial keyloggers found on PCs. These apps offer their services to ‘track’ your kids, spouse or employees. These behaviors are easy to incorporate into an app and this begins with the easy task of requesting the necessary permissions. For example, requesting ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, and READ_SMS will grant you access to SMS messages and GPS location“. This is the issue. It was not the $0.75, but the massive amounts of data that mobiles are working with nowadays. How long until these malware solutions get access to some of the larger collectors like Facebook? It is not that far a leap of suspicion is it?

In addition on that same page we see: “Threats which have used these spying techniques are NickySpy, Spitmo, GGTracker and GoldenEagle. NickySpy is interesting in that it utilizes the MediaRecorder() class to turn on the microphone and discretely record and save conversations to the SD Card. It is also able to send captured data to a remote server, although this functionality is not hard wired in. Below is a snippet of the function responsible for voice recording“. Now we get to the good part. The malware can be capturing events on audio without your consent and stream it. So, it was not just about the rights, it is about the ability that is unlocked to use. We focus on the big player like Facebook and Google, but we forget that data collecting is on the minds of governments, big corporations as well as organised crime and those into identity theft.

There are millions of examples, and Verizon trivialised it as ‘adnoyance’. The truth (as I see it) is that there is an entire echelon of dangers that people remain (intentional or not) oblivious to. One of the conclusions given in the article is “Trojans will continue to be bundled in repackaged APK’s and disguised as legitimate applications. With 900,000 daily Android activations worldwide, social-engineering tactics will continue to be used to trick users into installing malware“, so that friend you know that gave you the location of that free game, might in the end not be that good a friend. Unknown to him or not, that little freebee could be the start of your data going somewhere else.

Verizon might light of an issue, as it does not harm them, but it harms their customers. Instead of heralding Common Smartphone Sense, by making sure that people only download from reputable sources only (like Google Play Store), we see trivialisation. The added sentence ‘it’s unlikely to be the source of disastrous data breaches such as the Sony hack any time soon‘ adds to the failing of this article.

Malware is an issue, malware will continue to be an issue with added dangers over time and Yes, Android (as an open platform) has a larger issue to deal with. Yet, Common Smartphone Sense could reduce the dangers by 80% which is a huge diminishment of the risk the user has. In addition ‘the company estimates that just 0.03% of mobile devices are infected with “higher grade” malicious code each week’, sounds like a small number, but that implies that it is well over 600.000 phones each week. This makes it a clear issue, not a minute part. In the end, we are at 2,000,000,000 smartphones on the planet, and as that group grows, then so will the desire from some to infect that realm with higher grade malware.

In addition, two days ago, the Business Insider (at http://www.businessinsider.com.au/thousands-of-people-can-do-sony-hack-2015-4) stated ““There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,” Miller told “60 Minutes.” He went on to explain that the technology used by the perpetrators of the Sony hack isn’t a custom-made program. Instead, Miller says it can be purchased online from Russian hackers for around $US30,000“, so if that is a fact, then how is North Korea still seen as the Cyber Boogieman? This issue is a lot bigger and the Smartphone is just adding to a Cyber world that is lacking security all over the place. Telecom operators will have to change the way they play the game, the moment that they are no longer seen as simple data provider through innocent dissemination. When the telecom companies are held to account, we will see a shift, one that will be a costly one for those who allowed massive amounts of data theft to remain unmonitored.

Verizon should be ashamed of itself!

 

Leave a comment

Filed under IT, Science