Tag Archives: Stanford

The Digital Dilemma

Just a few hours ago, the Guardian made us aware of an interesting case. The article by Rob Davies is interesting for a few reasons, apart from the fact that it was nicely written and reads really well. We see the title ‘Google under pressure to refuse Viagogo advertising‘ (at https://www.theguardian.com/money/2018/sep/10/google-under-pressure-to-refuse-viagogo-advertising). I cannot completely agree with the premise, but I understand the setting.

When we are confronted with: ‘FA, UK Music and MPs urge Google to stop accepting payments from ticket firm‘ we are confronted with a few things, all apart from the fact on the path taken and that awareness is a good thing. You see, when the quote “The letter, sent to senior Google executives on Friday and seen by the Guardian, says that Viagogo’s prominence in search rankings is leading to consumers buying sports, music and theatre tickets that may be invalid” we are confronted with two distinct parts, the first is ‘may be invalid‘, the more interesting part is not on Google, but on why there is no criminal investigation and prosecution of Viagogo. Is it not interesting that we see ‘pressure Google‘ and not ‘prosecute Viagogo‘? That part makes little sense. If the law is clear on selling and tickets at vast mark-ups, why is that not clearly in place?

When I enter ‘Viagogo’ in my google search, I am treated to at the very top of the screen. On the Right side I see image below that, which leaves us with even more questions, if you look at that image properly. So we can see that Viagogo is setting the right stage for Digital Marketing, there is no denying this. So as we are introduced to the workings of Eric H. Baker, the American businessman (read entrepreneur), aka founder and CEO of Viagogo, and co-founder of StubHub, a Harvard and Stanford graduate, we need to consider the parts where it counts. Is he breaking the law, and moreover if he is not breaking the law, is the setting of “Labour MP Sharon Hodgson, one of the letter’s signatories, said: “I have heard too many times from distressed customers of Viagogo that they were led to the website because it was at the top of their Google search” a valid one?

You see, whenever I want to go to a concert, I go to the actual site of where the performance is and I see THERE where I can get the tickets. So the fact that some consumers are lazy is one thing, that they do not properly do their homework is another one. That aside, when the law is broken actions need to be taken, that is clear, but was it? In addition, how often did MP Sharon Hodgson look into the matter? With ‘I have heard too many times from distressed customers’ she now becomes a valid target as well, so can we get specifics please? We see her visibility again in the Financial Times (at https://www.ft.com/content/2eefe9e0-b04f-11e8-99ca-68cf89602132). Now it is the other way around. Here we see ‘Viagogo sues Ed Sheeran’s promoter for ‘fraud’‘, that is different candy, is it not? The setting given here is: “Viagogo claims that Stuart Galbraith, the founder of Kilimanjaro Live, “duped” fans during Ed Sheeran’s 2017 tour by setting up fake “Viagogo booths” outside venues to attract people who had bought their tickets from the site. These tickets, which Viagogo argues were valid, were then confiscated and fans were forced to buy new ones“, an interesting ploy, the question becomes was the law broken by Viagogo? We are also informed by the Financial Times on the action with “Viagogo said that it has refunded the fans who bought from them and has sued Mr Galbraith in a court in Hamburg with further legal action likely elsewhere“, so basically Viagogo refunded the customers, which is the decent act and will seek reparations elsewhere, which is (as far as I can tell) the decent business oriented act to follow. We are also given “senior executives from Viagogo are due to be questioned by British MPs about the site’s resale practices. Mr Galbraith is also scheduled to appear before the MPs“, this implies that the resale practice is looked into, yet it also quite clearly implies that no law is broken. 
Here is where we see the Labour MP mentioned as ‘Sharon Hodgson, the Labour MP who co-chaired the All-Party Parliamentary Group on Ticket Abuse‘. The question is not on merely ‘Ticket Abuse‘, the question is how the seemingly given title of abuse applies. This is a market of selling and reselling, until the law clearly makes reselling illegal, we see a setting that someone found a niche for margins and applied its options here.

So basically we could go to the setting that like most Labour minded ‘officials’ she too is full of (the ess and tea word) and goes with “Google needs to take action in order to protect consumers, and I look forward to working with them on this in the very near future“, to which my slightly too emotional response is: ‘No you stupid fishmonger, you either set the law correctly, or get out of the bloody way!‘ I agree it is not really diplomatic, but the entire setting is just a joke, the way I see it (at present).

You see, Viagogo (on their website) give us: “About Viagogo. Buyers are guaranteed to receive valid tickets in time for the event. If a problem arises, Viagogo will step in to provide comparable replacement tickets or a refund. Sellers are guaranteed to get paid for the tickets they sell and fulfil on time“, to me that is clear valid and acceptable. Yet in all this, I cannot find any setting where the CPS or the DPP is in a setting to investigate Viagogo or prosecute them, so were there laws broken? Now consider the commercial other path. If it was clearly illegal, or shunned Viagogo would have let’s say 200 tickets to any event and that would per gig be 20,000 in revenue lost if no one buys them, the question then becomes why not, and how can you continue this business? It would go into administration quick enough.

Is it illegal? That is not stated anywhere, and we need to acknowledge that it is either illegal, or it is not. So instead of working with this optional digital market provider, we see mere brazen outrage, whilst there is no clear legal definition. I also acknowledge that when we look at Product review, it got 1.3 out of 5, which is actually really bad and normally in eBay terms that score is close to a death sentence, yet they are still around why? I also acknowledge that we see reviews like ‘I could go online right now to Ticketmaster and purchase better seats for a much lower price‘, added only yesterday (what a coincidence), there are also the reviews that should lead the police towards the investigation of defamation against people like ‘Annie’ giving us: “People beware: do not bug from these people as the are comming a criminal offence called FRAUD. You buy tickets off them to get falsified tickets and are useless, get to the event an cannot get it. They send then to you a few days before the event“, so if Annie (optionally a fake FB account) cannot validate that opinion with facts, her opinion becomes defamation, if it is true and validated it becomes a path for prosecution (that was simple, was it not?). There was also a very positive review there, as well as ‘Delivered what they promised and got me out of a jam‘ from a Verified Customer. Now, I get it, there will be happy and unhappy customers in every field. My initial feeling is that a 1.3 of 5 does not instil me with any level of trust, yet their own site gives clear settings, clear business settings and the people acting against Viagogo do not go to the law, do not adjust the law, no, they come crying at the Google office front desk. Pardon my French, but how fucked up is that?

We cannot disagree with the Guardian quote: “The letter has 24 signatories, including a host of MPs, trade bodies and associations from the worlds of sports, theatre and music. Sporting bodies that have signed include the Football Association, England and Wales Cricket Board, Rugby Football Union and Lawn Tennis Association“, yet there is no mention that the law is getting broken and that had to be the first action. So why is there exactly this anti Viagogo activity? Margins? Mere legal profits? The fact that someone with Harvard and Stanford goes to scam options is just too weird at times (it does on a rare occurrence happen), or is Eric Baker merely an intelligent person who found an option, an opportunity and took that to make nice coins on the side? Is that not the setting that matters?

You see, I still see idiots all over the field having no clear idea on how to properly use digital marketing, the fact that there are those who do know what to do and they can turn opportunity into profit, which is a valid choice, it is in that setting we see the valid response from Google with: “The CMA has been looking at the business practices of ticket resellers. We await the conclusion of these inquiries and we hope that they will clarify the rules in the interests of consumers. We will abide by the rulings of these inquiries and local law“, that is the actual setting and it took me 35 seconds to get there from the moment I read the title (before even finishing reading the Guardian article). It is about local law. It might not even be about the inquiry. The inquiry has no legal bearing until set in law. It is that same setting that the Daily Mail needs to be investigated, as we were treated only moments ago to: “‘Worse than a street tout’: Viagogo charges woman £3,000 for two £87 tickets to take dying father on a bucket list trip to the Last Night of the Proms“. The question becomes, why are the DPP and the CPS not all over this? We now DEMAND to see the evidence. If Viagogo was part of that, then against their own settings we might have a clear setting of law breaking, if not, then the public are entitled to see the Daily Mail to be prosecuted on all fronts. There is no ‘press protection‘ here, not in this current setting, but at that point it is more likely than not that people like Labour MP Sharon Hodgson will suddenly be too busy to look at issues around anything involving ‘the freedom of the press’ and holding the press accountable for their actions, that is how it tends to pan out.

You see, this scenario is out of what, all these accusations at almost the same time, with the Daily Mail ‘hiding’ (or is that using) a kidney cancer case, with tickets merely 2 days old, it is all happening at the same time. If that is the case and the DPP and CPS are not all over this in 5-10 hours, the UK has a much bigger issue, a systemic failure of the law on several fronts and that needs to be addressed now, whilst the first question is not merely: ‘was the law broken?‘ The issue then instantly becomes ‘How many parties have been negligent in all this, and what are their names?‘

At that point, when that is proven then Labour MP Sharon Hodgson has a case that demands her to be in the limelight, not before and we better get to see some real answers, not some lame ‘we will look into the matter and make proper changes‘, because at that point, I will seek out Eric H. Baker myself, seeking some funding to set up digital campaigns of my own, demanding the removal from office of Labour MP Sharon Hodgson as she is seemingly too unfit for public office. I can get such a campaign started for a mere £35 a day, giving that campaign optionally 20-30 thousand views a day. With all the profits he is making, he might be up for that, did you consider that path Sharon? And in hindsight, in this inquiry, how much time and effort are you taking in regards to StubHub, Ticketmaster, Seatwave, CTs Eventim and Ticketbis? Did any of those raise flags?

You see, I do not oppose such an inquiry, I do not oppose that the law is adjusted making reselling of tickets to be illegal, and that is a valid step to take. Is it not weird that those steps cannot be found? Oh, there is that. You see the setting we get with: “UK law stipulates that the re-sale of concert tickets is not in itself illegal. But it is an offence to sell tickets in the street without a trading licence“. So there we see the first part and if Viagogo has that, we also see the flaw in the entire setting from the start. So when we consider that setting the law was a first requirement, we see the absence of the DPP and CPS and also a first indicator that Labour MP Sharon Hodgson is unfit for public office. That did not take long, did it?

I loved the article by Rob Davies. It made me question parts and that is always a good thing. Yet, when we see all this, we need to ask the Football Association, England and Wales Cricket Board, Rugby Football Union, Lawn Tennis Association, UK Music chief executive Michael Dugher and Music Managers Forum chief Annabella Coldrick, the Society of London Theatre and UK Theatre a simple question: ‘Have you sponsored a bill to make reselling of tickets illegal?‘ If not: ‘Why not?‘ Those are the questions that matter, but are we seeing those questions asked and answered?

It was that simple and crying at the front desk of Google was merely a waste of everyone’s time, plain and simple. I am no friend of Viagogo, I would have personally never gone there, not for one or the other, just because I would have taken the path of the actual venue location and the official venue website, and in all this is it not interesting that when we are confronted with the Daily Mail part: ‘Hannah Maturin, 30, wanted to take her frail father John to see the Last Night of the Proms‘, that she decided to allegedly pay £2959 over £174 and decided not to call the Royal Albert Hall first with her dad being in such a state? It is what I would have done. And we see all this news at the SAME TIME? How is this level of orchestration going for you? So much common sense absent from so many players and no one is asking the question: ‘Why is that?‘

#ItMustBeMe

 


Filed under Finance, IT, Law, Media, Politics, Science

Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force, in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back, to be a little more precise we need to turn to the moment 645 days ago when we read that Sony got hacked, it got hacked by none other than North Korea. It took me around an hour to stop laughing, the stomach cramps from laughter are still on my mind when I think back to that day. By the way, apart from me having degrees in this field, people a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse, the list of sceptics, as well as prominent names from the actual hacking world, all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions“. I am pretty sure that the FBI did not expect that this would bite them down the track. This all whilst they rejected the alternate hack theory that Cyber Intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more possible than the claim that some made. Another claim to have a giggle at came from Homeland Security, the quote was “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life“, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons. The source is the Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data). The subtitle gives us “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile worldly infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“, you see, here we see part of the fun that will now escalate.

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this, take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When the accused nation has 28 websites, it is, I agree, not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North-Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear given that the cyber branch of your organisations are not up to scratch. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting and learning a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that due to North Korean ‘expertise’, plenty of people will be asking questions. The time requirement to get the data that got taken was not something that happened overnight. For the simple reason that that much data would have lit up an internet backbone and every log alarm would have been ringing. The statement that the FBI made “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government” was laughable because of those pictures where we saw the Korean high-command behind a desktop system with a North Korean President sitting behind what is a mere desktop that has the computation equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull off the Sony caper you need stimulation, like a student would get at places like MIT, Stanford, or UTS. Peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have hardware and challenging people and equipment that could offer it, but North Korea does not have any of that. The entire visibility as you would see from those 28 domains would have required to be of much higher sophistication. You see, for a hacker, there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when in 2012 in Pyongyang I believe, a press bus took a wrong turn. When some reporters mentioned on how a North Korean (military I believe) had no clue on smartphones. I remember seeing it on the Dutch NOS News program. The level of interaction and ignorance within a military structure could not be maintained as such the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing, the fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to on the wrongful domain settings, which is essential in regards to the entire hacking side. 
The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this last but not least to those who prototype hacking solutions, as they need serious bandwidth to test how invisible they are (especially regarding streaming of Terabytes of Sony data), all these issues are surfacing from this mere article that the Guardian might have placed for entertainment value to news, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog ““It’s important to note this isn’t the domain name system for the internal intranet,” Williams wrote. “That isn’t accessible from the internet in any way.”” which is true to some extent. In that case take a look to the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds“, yes, I agree you do not get that much info from that, but it gives us to some extent usage, you see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings on intranet level have been missed, giving the ‘visitor’ options to a lot more information than most would expect. Another matter that the press missed (a few times), no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/), data needs to get from point to point, usually via a router, so the routers before it gets to North Korea, what were those addresses, how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. The fact that in January 2015 Sony gave the following statement “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“, I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server, to monitor all data traffic, giving indication that not only a weird way was used to get to the data (I speculated on an option that required it to be an inside job), yet more important, the fact that access had not been identified, meaning it was secured gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘ if threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get the threats to be a true unknown. That is at play then and it is still now. So if servers were compromised, Sony would need a better monitoring system. 
It’s my personal belief (and highly speculative) that Sony, like many other large companies, has been cutting corners so certain checks and balances are not there, which makes a little sense in case of Sony with all those new expansions corners were possibly cut and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing exactly as incapable as I thought it was and there is a score of Cyber specialists, many of them a lot bigger than I will ever become stating the same. I am not convinced it was that simple to begin with, for one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, yet the expert levels were not on par so plenty of data would have been in danger of breaching. The question I had then and have now a lot louder is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be“. That is now truly a question that matters! Because if there is any truth to that speculation, then the question becomes how secure is your personal data and how unaware are the system controllers of those cloud servers? The question not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’ who can be trusted to get the people properly informed? Over the next days as we see how one element (the 28 sites) give more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their Cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea, especially in light of the official response towards cyber security firm Norse what was going on.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites is no indication of Intranet or cybersecurity skills, they are indicative, when a nation has fewer websites than some third world villages, or their schools have. It is time to ask a few very serious questions, because skills only remain so through training and the infrastructure to test and to train incursions on a WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation, it makes even less sense.

Finally one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘the Interview’ from becoming a complete flop. You know that movie that ran in the US in 581 theatres and made globally $11,305,175 (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?

 


Filed under IT, Media, Military, Politics, Science