Tag Archives: The Interview

Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force; in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back; to be a little more precise, we need to turn to the moment 645 days ago when we read that Sony got hacked, and that it got hacked by none other than North Korea. It took me around an hour to stop laughing; the stomach cramps from laughter are still on my mind when I think back to that day. By the way, apart from me having degrees in this field, people a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse, as well as the list of sceptics and prominent names from the actual hacking world, all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions”. I am pretty sure that the FBI did not expect that this would bite them down the track. This all whilst they rejected the alternate hack theory that Cyber Intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more possible than the claim that some made. Another claim to have a giggle at came from Homeland Security; the quote was “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life”, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons. The Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data). The subtitle gives us “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile worldly infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“, you see, here we see part of the fun that will now escalate.

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this, take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When the accused nation has 28 websites, it is, I agree, not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear given that the cyber branch of your organisations are not up to scratch. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting and learning a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that due to North Korean ‘expertise’, plenty of people will be asking questions. The time requirement to get the data that got taken was not something that happened overnight, for the simple reason that that much data would have lit up an internet backbone and every log alarm would have been ringing. The statement that the FBI made, “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government”, was laughable because of those pictures where we saw the Korean high-command behind a desktop system with a North Korean President sitting behind what is a mere desktop that has the computation equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull off the Sony caper you need stimulation, like a student would get at places like MIT, Stanford, or UTS. Peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have hardware and challenging people and equipment that could offer it, but North Korea does not have any of that. The entire visibility as you would see from those 28 domains would have required to be of much higher sophistication. You see, for a hacker, there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when in 2012 in Pyongyang I believe, a press bus took a wrong turn, when some reporters mentioned how a North Korean (military I believe) had no clue on smartphones. I remember seeing it on the Dutch NOS News program. The level of interaction and ignorance within a military structure could not be maintained as such; the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing. The fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to on the wrongful domain settings, which is essential in regards to the entire hacking side.
The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this last but not least to those who prototype hacking solutions, as they need serious bandwidth to test how invisible they are (especially regarding streaming of Terabytes of Sony data), all these issues are surfacing from this mere article that the Guardian might have placed for entertainment value to news, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog: “‘It’s important to note this isn’t the domain name system for the internal intranet,’ Williams wrote. ‘That isn’t accessible from the internet in any way.’”, which is true to some extent. In that case take a look at the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds”. Yes, I agree you do not get that much info from that, but it gives us to some extent usage. You see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings on intranet level have been missed, giving the ‘visitor’ options to a lot more information than most would expect. Another matter that the press missed (a few times), no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/): data needs to get from point to point, usually via a router, so the routers before it gets to North Korea, what were those addresses, how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. The fact that in January 2015 Sony gave the following statement “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“, I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server, to monitor all data traffic, giving indication that not only a weird way was used to get to the data (I speculated on an option that required it to be an inside job), yet more important, the fact that access had not been identified, meaning it was secured gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘ if threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get the threats to be a true unknown. That is at play then and it is still now. So if servers were compromised, Sony would need a better monitoring system. 
It’s my personal belief (and highly speculative) that Sony, like many other large companies, has been cutting corners so certain checks and balances are not there, which makes a little sense in case of Sony: with all those new expansions corners were possibly cut and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing exactly as incapable as I thought it was and there is a score of Cyber specialists, many of them a lot bigger than I will ever become, stating the same. I am not convinced it was that simple to begin with. For one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about, and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, yet the expert levels were not on par so plenty of data would have been in danger of breaching. The question I had then and have now a lot louder is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be”. That is now truly a question that matters! Because if there is any truth to that speculation, then the question becomes how secure is your personal data and how unaware are the system controllers of those cloud servers? The question not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’ who can be trusted to get the people properly informed? Over the next days as we see how one element (the 28 sites) give more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their Cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea, especially in light of the official response towards cyber security firm Norse what was going on.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites is no indication of Intranet or cybersecurity skills, they are indicative, when a nation has fewer websites than some third world villages, or their schools have. It is time to ask a few very serious questions, because skills only remain so through training and the infrastructure to test and to train incursions on a WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation, it makes even less sense.

Finally, one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘the Interview’ from becoming a complete flop. You know, that movie that ran in the US in 581 theatres and made globally $11,305,175 (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?

 

Filed under IT, Media, Military, Politics, Science

Last Clooney of the year

My idea of stopping my writing until the new year has truly been bombarded into a sense of that what is not meant to be, so back to the keyboard I go. One reason is the article ‘‘Nobody stood up’: George Clooney attacks media and Hollywood over Sony hack fallout’ (at http://www.theguardian.com/film/2014/dec/19/george-clooney-sony-pictures-hack-the-interview), which I missed until this morning. So has the actor from ER become this outspoken because of his marriage to Human rights lawyer Amal Alamuddin? Nah! That would be incorrect, he has been the champion of major causes for a long time, outspoken, thinking through and definitely a clever cookie with a passion for Nespresso!

The article kicks off with a massive strike towards the goal of any opponent: “George Clooney has spoken of his frustrations with the press and his Hollywood peers at failing to contain the scandal around The Interview, which Sony has pulled from cinema release as well as home-video formats”. It goes a lot deeper than he spoke it does; perhaps he fathomed the same issues I have had for some time now, some mentioned in my previous blog ‘When movies fall short’ (at https://lawlordtobe.com/2014/12/15/when-movies-fall-short/), two weeks ago.

I will take it one-step further, several players (not just Sony) have been skating at the edge of competence for some time now, as I see it, they preferred contribution (revenue minus costs) regarding issues of security. It remains debatable whether this was intentional or just plain short-sightedness, that call requires levels of evidence I have no access to.

By the way, Mr. Clooney, you do realise that this topic has the making of an excellent movie, not unlike the largely unnoticed gem ‘Margin Call‘ with Kevin Spacey, Paul Bettany and Zachary Quinto.

The one quote I object to (to some extent) is “With just a little bit of work, you could have found out that it wasn’t just probably North Korea; it was North Korea … It’s a serious moment in time that needs to be addressed seriously, as opposed to frivolously”. You see, the inside job is a much more likely part. Yes, perhaps it was North Korea (requiring evidence), yet this would still not be the success they proclaim it to be without the inside information from disgruntled (or greedy) employees. In addition to the faltering security Sony has needed to ‘apologise’ for twice now (the Sony PSN hack of 2011), none of which was correctly covered by the press regarding this instance either. There was the press gap of November 2013, so we have at least two events where the press catered with silence, but at the price (read: reward) of….?

Yet the part: “He joins others who voiced their dismay at Sony’s decision, including Stephen King, Judd Apatow and Aaron Sorkin. Rob Lowe, who has a small role in The Interview, compared Sony to British prime minister Neville Chamberlain and his capitulation to Nazi Germany before the second world war”, is more than just a simple truth, it shows a fear of venue, cater to the profit. Chamberlain was from the old era and he failed to perceive the evil that Adolf Hitler always was. That view was partially shown by Maggie Smith in ‘Tea with Mussolini’ too, yet the opposite was strongly shown in Remains of the Day, when Christopher Reeve as Jack Lewis states: “You are, all of you, amateurs. And international affairs should never be run by gentlemen amateurs. Do you have any idea of what sort of place the world is becoming all around you? The days when you could just act out of your noble instincts, are over. Europe has become the arena of realpolitik, the politics of reality. If you like: real politics. What you need is not gentlemen politicians, but real ones. You need professionals to run your affairs, or you’re headed for disaster!”

This hits the Sony issue straight on the head. Not that the Gigabytes of data are gone, but that they got access to this data at all. IT requires a new level of professionals and innovators, a lesson that is yet to be learned by those having collected Exabytes of data. It is a currency that is up for the taking with the current wave of executives that seem to lack comprehension of this currency. Almost like the 75-year-old banker who is introduced to a bitcoin, wondering where the gold equivalent is kept. The new order will be about IP, Data and keeping both safe. So, it is very much like the old Chamberlain and Hitler equation: we can see Chamberlain, but we cannot identify the new Hitler because he/she is a virtual presentation of an identity somewhere else. Likely, a person in multiple locations, a new concept not yet defined in Criminal Law either, so these people will get away with it for some time to come.

Yet the final part also has bearing “Clooney was one of the Hollywood stars embarrassed by emails being leaked as part of the hack. Conversations between him and Sony executives showed his anxiety over the middling reception for his film The Monuments Men, with Clooney writing: “I fear I’ve let you all down. Not my intention. I apologize. I’ve just lost touch … Who knew? Sorry. I won’t do it again.”“, personally he had no reason to be embarrassed, when your boss spills the beans (unable to prevent security), do you blame the man or the system that is this flawed?

Why has it bearing? Simple, he shows to be a man who fights and sometimes fails. He states to do better, just as any real sincere person would be, a real man! By the way, since 2011 Sony still has to show such levels of improvement. A lacking view from the people George Clooney served in a project, so we should not ignore the need to look at those behind the screens and the press should take a real hard look at what they report and on where their sources are, that same press that has not scrutinised its sources for some time. When was the last time we asked the press to vouch for ‘sources told us‘?

Consider the quote “We cannot be told we can’t see something by Kim Jong-un, of all fucking people … we have allowed North Korea to dictate content, and that is just insane”. As I mentioned in the previous blog, with the bulk of the intelligence community keeping their eyes on North Korea, why is there no clear evidence that North Korea did this? Not just the US; both the United Kingdom and France have access to an impressive digital arsenal, and none have revealed any evidence. Consider that the École polytechnique under supervision of French defence is rumoured to be as savvy as GCHQ; can anyone explain how those three cannot see clearly how North Korea did this? So, either North Korea is innocent and just surfing the waves of visibility, or the quote by George Clooney in the Guardian “the world just changed on your watch, and you weren’t even paying attention” would be incorrect. The quote would be “the world just changed on your watch, and those in charge do not comprehend the change”. In my view of Occam’s razor, the insider part is much more apt; the other option is just way too scary, especially as the IT field is one field where North Korea should be lacking on several fronts.

I will let you decide, have a wonderful New Year’s eve!

Filed under Finance, IT, Law, Media, Military, Politics

When movies fall short

There is nothing as intensely satisfying as when we are confronted with a reality that is a lot more entertaining than a movie would be. Those are moments you live for, that is unless you are a part of Sony and it is your system getting hacked. Life tends to suck just a little at that point.

This is not the latest story to look at, but in light of the elements that have been visibly resolved, it is the best one around. Some will state that the Hostage story in Martin’s Place, Sydney is the big issue, but that is an event that is getting milked for every second possible by the media, I checked! The price of chocolate remains unaffected, so let’s move on to Sony!

The first part is seen in the article ‘Sony hack would have challenged government defences – FBI’ (at http://www.theguardian.com/technology/2014/dec/12/sony-hack-government-defences-fbi), those who think it is new news seem to have forgotten the issues people had in May 2011 (at http://uk.playstation.com/psn/news/articles/detail/item369506/PSN-Qriocity-Service-Update/). “As the result of a criminal cyber-attack on the company’s data centre located in San Diego, California, USA, SNEI shut down the PlayStation Network and Qriocity services on 20 April 2011, in order for the company to undergo an investigation and make enhancements to the overall security of the network infrastructure” 77 million accounts were compromised and the perpetrators got away with a truckload of data.

So when we see the quote “The cyber-attack that crippled Sony Pictures, led to theft of confidential data and leak of movies on the internet would have challenged almost any cyber security measures, the US Federal Bureau of Investigation (FBI) has said“, we should consider the expression once bitten twice shy and not, when bitten use antiseptic, go into denial and let it be done to your network again.

The fact that this revolves around another branch of Sony is just ludicrous, it’s like listening to a prostitute stating that the sick man used the other entrance this time, so we need not worry! If you think that this is an over the top graphical expression, consider that twice in a row that the personal details of millions in the form of data ‘leaked’ to somewhere.

The second quote will not make you feel any safer ““In speaking with Sony and separately, the Mandiant security provider, the malware that was used would have slipped or probably got past 90% of internet defences that are out there today in private industry and [would have] challenged even state government,” Joseph Demarest, assistant director of the FBI’s cyber division told a US Senate hearing“, as we know that governments tend to be sloppy with their technology as they do not have the budgets the bulk of commercial enterprises get, we can look at the quote and regard the statement to be a less serious expression of ‘do we care’, which is nothing compared to the ignored need to keep personal data safe.

You see, commercial enterprises have gotten sloppy, getting new graduates to look into a system where you need seasoned veterans and you need a knowledge base and a good setup, all factors that seem to be in ‘denial’ with a truckload of companies the size of Sony, as they are all cutting corners so that they can project revenue and contributions in line with the ‘market expectations’.

The quote that becomes interesting is “A link between Gop and North Korea has been muted over Pyongyang’s reaction to the Sony Pictures film The Interview, which depicts an assassination attempt on Kim Jong-un”, so is this group calling itself Guardians of Peace (Gop) the ‘simpleton’ group they are trivialised to be, or is there more? You see, we see a growing abundance of data collections that seem to go nowhere, but is this truly the case? You see, data is money, it is a currency that can be re-used several times; the question becomes finding someone willing to buy it. If we regard the 2 billion Microsoft paid for Minecraft to be more than just the IP of the sandbox game, then what is it? Which part of that 2 billion is seen as value for the 120 million registered users on PC? Do you now see the currency we are confronted with?

In my book the Sony exercise is a display of the expression ‘a fool and his money are soon parted’. In light of the 2011 issue, the fact that security was increased to the extent that it could be done again makes for entertainment on a new level. In addition, like a bad infomercial it does not stop here, no! For $9.95 you get so much more than you see now. That we see in the article that was published two days before that (at http://www.theguardian.com/technology/2014/dec/10/fbi-doubts-north-korea-link-sony-pictures-hack). The part that should make you howl like a hyena is seen here: “The security firm hired by Sony to investigate the attack, FireEye, described the attack as an “unparalleled and well-planned crime, carried out by an organised group, for which neither SPE nor other companies could have been fully prepared” in a leaked report”. So did you notice ‘unparalleled and well-planned crime’ and ‘leaked report’? Oh sarcasm, thy name be Miss Snigger Cackle!

The leaked report, which was from the 7th of December (at http://recode.net/2014/12/07/sony-describes-hack-attack-as-unprecedented/) gives us “demanding that organizations which have obtained the leaked information avoid publishing any more material from the hackers, and destroy existing copies. Boies called it “stolen information.””. You see, the issue here is that if we consider the quote “This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat”, so even after the malware, info was still going past the firewall, or was this just ‘leaked’ by an internal source? It takes a little twist when we look at the quote in the December 10th article “The malware had been signed and authorised by Sony Pictures, allowing it to bypass certain security checks”. In my mind this reads as follows: ‘Some idiot gave a pass to malware to roam free on the system’, so is it that, or was this an internal operation all along? If the second part is true, then who was the beneficiary of all that private data? Who is it meant for? You see, many forget that our information is not always for stealing from our credit cards; sometimes it is used to profile us, as a customer, as marketing or as leverage. Why the word leverage? Consider healthcare, consider usage: what happens when an insurance company gets to profile 20 million couch potatoes, what if your healthcare premium suddenly goes up by 15%, do you have any idea how much money that is? So as insurance companies keep the leveraged margins of charge, whilst overcharging risks in addition, we see a growing margin of profit for these insurance companies, whilst getting them to pay for what you are insured for has not gotten any easier, has it?

So is this simply a cinematography from Sony Pictures film, called The Interview, which depicts an assassination attempt on Kim Jong-un, or was that the smoke screen? The FBI seems to have ruled out North Korea, as far as I have been able to tell, the only fans of North Korea are the North Koreans and Dennis Rodman (who has no fame in any IT endeavour), so is there enough doubt regarding the reality of what happened and why it happened? Yes, as I see it there is, the question becomes, when there is this much smoke, where are we not looking? That part is to some extent seen in another Guardian Article (at http://www.theguardian.com/film/2014/dec/12/hackers-attack-film-studios-sony-pictures-leak-cybersecurity-warning). We see this quote “Sean Sullivan, senior adviser and researcher at the security company F-Secure, said that he believes the purpose of the Sony hack was extortion. “If it was just hacktivists, they’d have released everything all at once,” he said. “But these releases, it’s like they’re shooting hostages. One thing one day, another the next. This is a really different tactic from what we usually see.”“, this is certainly plausible, but is that it? Why ransom of data and sell it back with the FBI and others on your tail, when you can sell it in Hong Kong, Bangkok, Riyadh and a host of other locations. A simple transaction for an external encrypted drive, a deal you can offer to ALL parties for amount X, the more you offer, the higher X is.

Whilst our data is sold on and on, we run additional risks of getting invoiced for our life choices and extorted by other financial firms because our privacy is no longer a given in the age of data and it is directly linked to corporations that cannot clean up their act. In the meantime we see leaked reports on impossible hack successes, whilst it took only one executive to ‘accidentally’ sign and authorise a mere trinket of malware.

So yes, the movies are falling short; reality can be scary and entertaining all at the same time. The question becomes, will there be a change to our invoice of life because of corporate considerations, or lack thereof?

 

Filed under Finance, IT, Law, Media, Science