Tag Archives: US government

SET trust = 0.

Yup, we all have a stage when there is no trust, there is no confidence and we wonder the why part. In this, I had questions, so I asked the agency, but they did’t know, then I asked the FBI, I asked Langley and I asked Commander Andrew Richardson, they all gave the same story, there is No Such Agency, so I Googled them and Yes! There they were, complete with phone number (+1 301-677-2300) and all, yup, we got them, so now we get to their story (at https://breakingdefense-com.cdn.ampproject.org/c/s/breakingdefense.com/2021/04/nsa-about-to-release-unclassified-5g-security-guidance/amp/).

Via the BBC, we get ‘NSA About To Release Unclassified 5G Security Guidance’ and I started to read, the article makes a lot of sense. Which gave me “Noble’s speech highlighted the importance of zero-trust architecture in 5G networks”, and it got me thinking, the approach makes a lot of sense, just like SE-LINUX, the setting of ‘no-trust’ makes sense, especially in a world where Microsoft keeps on fumbling the ball, not merely their exchange servers, but the (what I personally see as greed driven) push towards Azure, it comes with all kinds of triggers and dangers, especially as they are ready to cater to as many people as possible, the no-trust rule is pretty much the only one that makes sense at present. I have written about the dangers more than enough. So when we are given “it’s reasonable to expect that future NSA 5G security recommendations will emphasise zero trust as a key component”, I believe that the approach has a lot of benefits, especially when such a setting can be added to anti viral and Google apps, it could increase safety to well over 34% overnight, and option never achieved before and we should all applaud such a benefit. There are a few thoughts on “NSA has characterised zero trust as “a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy.” It’s a “data-center centric” approach to security, which assumes the worst — that an organisation is already breached or will be breached.” A choice that is logical and sets the cleaning directly at servers and ISP’s, and they are the backbone in some cases to close to 75% of all connections, so to set a barricade on those places makes sense, there is no debating, the choice of calling themselves No Such Agency wasn’t their best idea, but this is a game changer. 

I have been critical of the US government in all kinds of ways for years and on a few topics, yet I have to admit that this is an excellent approach to prevent things going from bad to worse, moreover, there is every chance that it will make things better for a lot of us overnight as such a system deploys, it will have a trickle down effect, making more and more systems secure. 

That one thing
Yup there is always one thing and we see the dangers when we consider Solarwinds and Microsoft (their mail server), the one part is when we rely on rollbacks and we see rollback after rollback creating a hole and optionally a backdoor, the most dangerous system is the one deemed to be safe, ask Microsoft, or their exchange server. When you believe all is safe, that is when the most damage can be made. And as the article looks at 4 parts, we see ‘Improved network resiliency and redundancy’, yes it makes sense, but rollback efforts are possibly out of that equation and when we get some people tinkering there, there is a chance that the solarwinds paradox returns, yet this time with a dangerous seal of approval by the No Such Agency, it will be the one part all criminal minds are hoping for, in this I personally hope they fail, but these buggers can be resilient, tenacious and creative, the triangle that even the Bermuda Triangle fears and that is saying something.

Leave a comment

Filed under IT, Military, Science

The wider field

There is a wider field, the field is ignored by many because it overlaps in several ways and most people (read: media) tend to stare at one element. We can argue whether it is bad or good, but it does mean that the bulk of the information is not there. To get this view we need to look at several sources. First we get the International Business Times, they give us two headlines. The first is ‘Samsung Expecting Profits Slump For Q2‘ as well as ‘Huawei Ban Helps Company Earn More‘, in one way we get an increase of revenue due to the Huawei events in the US, yet there is still a Q2 slump. There are several plays that apply, but it is not about the play as such. The firs realisation is that 5G is currently being ‘advertised as here‘ by several players and at present there is an increased question on which phone is 4G and/or 5G and most people are holding off on phones this year until that field has a better view on what is available. Most people cannot afford to buy a new phone when some new models are $1800, most people cannot afford a step like that and being tied to any provider at present is an increasingly bad step to make. Even as Huawei is 20% cheaper, it remains a lot of money, and the Google (Android) issues are still there, so people are hesitant. I might have committed myself to Huawei, but that is in part because I renewed my phone in the beginning of the year, so it has to last me 2-3 more years (I have principles towards blatantly buying new phones) and I am happy with my phone.

then there is the new stage hat is now evolving when we see CNN Business give us (at https://edition.cnn.com/2019/07/04/tech/huawei-us-ban/index.html) ‘US government asks judge to dismiss Huawei lawsuit‘, they are rightfully scared because the claim: “Huawei had filed the lawsuit in March, arguing that a law preventing US federal agencies from buying its products violates the US constitution by singling out an individual or group for punishment without trial” is almost a given, the US government made sure that every media outlet on the planet took great painstaking effort in illuminating that and now it becomes the anchor attached to their legs as they have to swim across the Pacific river (or Atlantic river). If the case goes through and discrimination is proven, the impact will be monumental, especially as no evidence was ever brought forward and if we are a nation of laws, the impact will be large, moreover, at present Huawei is still growing its pool of 5G contracts and should the Case fall on the side of Huawei, the impact on Europe will be much larger, it could signal a much larger run on trying to get a quick deal with Huawei, not because they are nice people (they optionally are), but because Huawei 5G equipment is more advanced and all the telecom players know this. Ericsson and Nokia fear that side, they had a good run due to the escalations, but Huawei is still on par to have well over 50% of 5G by themselves and that is what the US fears, that large a disadvantage because its pool of CEO’s and CTO’s were increasingly stupid, flaccid and complacent in an age where pushing innovation was essential.

The issue is not out of the room yet because there is the larger issue that everyone has not been looking at. There is still the Google issue around Android. Consider that Huawei’s Oak OS is now 60 days away from release, it is the start where people who were initially ‘forced’ to dump Android, they now will be part of the Oak OS group, a data core that involves millions from adding data to the Oak servers and no more to the Google servers. The impact seems small, but it impacts the US to a much larger degree, this stance has given China a much larger boost than ever possible. For the users it will only be a temporary setback, as apps will be supported through Oak/OS, these players will continue, yet the overhaul as people push away from android is much larger than the interaction of IOS versus Android. Consider what you need. The bulk of all android apps we use will almost immediately be available, leaving us with optionally some issues regarding LinkedIn, Facebook, WhatsApp and Instagram. Now there is a new stage where Chinese options could be considered and for the most when we can address who we need, we might not care on where we are. The idea that advertisements might initially fall away will be a massive reason to do that. I am certain that there will be a Facebook Oak and LinkedIn Oak, the rest remains open, the usage is huge but that too might be a reason to try something new, people love new things, especially if it comes with cool additions and new we see a different stage, it is not the US that matters, it is whether China has options that appeal to India and Europe, these three represent 3 billion people and there is the data crunch, they will not all go the Chinese solution, but even 10% would be massive, it would be a an intense gut punch to Google, more important over time as word of mouth make more people switch, the damage will increase for Google. Make no mistake, it will merely impact the total, it will not sink Google, it is too large, but in light of their predictions when they have 20% less data points to make predictions with, granularity becomes an issue for the professional side and there too there will be an impact, Chinese app owners will have their own digital advertisement agenda and business dictates that you cannot ignore that population, so budgets will be shortened to cover an audience as large as possible.

All that because of the Huawei ban, which was shown to be short-sighted from the very beginning. Consider that we were given in June: “Huawei can no longer pre-install Facebook apps on its smartphones after Facebook fell into line with a US ban on exporting software“, now consider that suddenly millions are offered a pre-installed WeChat and they are willing to try it, the impact on Facebook will be seen in less than 60 days, the fact that Facebook had been playing games with its mobile users for a much longer time will also entice users to give it a try. Not all will stay, but some will and the dimension of ‘some’ will imply a drop of Facebook of several million user. In addition we see “Chinese users spend an average of over 70 minutes a day within the app. All this makes it one of the most popular choices for businesses looking to get started with social media marketing in China“, yes it was overwhelmingly Chinese, yet in the shift it will now have optional access to a large Indian and European following. In addition the shift we optionally see when we realise: “WeChat allows for one-to-one personalized interaction between brands and users. This allows brands to communicate directly with their followers through the messaging functions on their account. This also allows brands to provide customer service directly through their WeChat account. It’s due to this reason that many companies in China don’t even operate traditional websites instead of focusing their efforts on constantly improving their WeChat official accounts” direct granularity towards the user, not mass marketing, but adjusted marketing for the individual, and then consider players like Tableau, Salesforce (now one and the same), SAP, Sony and Microsoft all wanting to address the person, not the masses, do you think that they will ignore this group of users? These people invest hundreds, if not thousands of dollars a day towards addressing their growing need of users, all revenue that is soon lost to Apple and Google. It goes beyond merely Facebook; Twitter and Snapchat, all have a Chinese version that now has the option to surpass (read: close the gap) towards their competitors. Surpass is perhaps the wrong word, the fact that people will consider the alternative in the immediate is a risk for these players, it sets the dangers of schools of users to switch to another pond, so those fishing for ads, visibility and awareness, they will all have to adjust the way they operate. There now are now only two parts where I have no idea how it will play out. Youku Tudou is the Chinese version of YouTube, but YouTube is so strongly placed that I have no idea how that will go, the same for LinkedIn. these are the two we cannot predict, no one can, but if they remain absent from Oak/OS something will have to budge, the question becomes how much do you need LinkedIn to be on your smartphone when you can just catch up daily at home, or in the office. I personally do not believe that its equivalent Maimai will be embraced as strongly as Maimai would hope, but that is my speculation on the matter.

Only YouTube as it is and remains the behemoth of Google, is too strong an app to ignore, it is too strongly desired, especially on smartphones, some might give Youku Tudou a try, but the library of YouTube increases with 300 hours of material every minute, there is no real competing with that, no matter how you slice that. There is no denial that their Chinese competitor will grow, but there the impact is less than a mosquito bite for YouTube, it is perhaps the one part of Google that no one seemingly can be without.

Is there another side?

Well there is always the option that everything in Google will be accessible on Huawei phones and that is for Google the best solution, but at present that part is just not a given, and when many Huawei smartphones are between 20%-40% cheaper, they will have an advantage and only because of US stupidity that impact is now optionally becoming much larger. And now the shift is changing faster, the Observer gave us on Saturday ‘UK mobile operators ignore security fears over Huawei 5G‘, when we consider the quote “The Observer understands that Huawei is already involved in building 5G networks in six of the seven cities in the UK where Vodafone has gone live. It is also helping build hundreds of 5G sites for EE, and has won 5G contracts to build networks for Three and O2 when they go live“, we see how things are escalating away from the US. the massive part in all this is “a firm line against the company amid claims, strongly denied, that it is controlled by the Chinese government and that its equipment could be used to spy on other countries and companies” all from the point of view that clear evidence was never provided and the commercial corporations need to remain on top or drown and that was the larger flaw the US never seemingly understood (or blatantly ignored). Yet the other side also matter, as the numbers are given: “The consultancy Assembly suggests a partial to full restriction on Huawei could result in an 18-to-24-month delay to the widespread availability of 5G in the UK. The UK would then fail to become a world leader in 5G – a key government target – costing the economy between £4.5bn and £6.8bn” (source: the Guardian). People tend to get nervous at a loss of millions, so the loss of £4,000,000,000 plus is something that can start cardiac arrests all over the telecom boardrooms. More important as Huawei is still ’embraced’ in Germany, the German players will get the upper hand over other European players giving a larger technological shift. The final straw was the consideration of “They have taken note of what happened last December when the O2 4G network went down for 24 hours due to problems with technology provided by the Swedish telecoms firm Ericsson“, a danger as this was 4G technology that should have been clear and non-problematic, now consider that this happened to established technology, so what optional risks are Ericsson users exposed to when in involves 5G, a technology that Nokia and Ericsson is still trying to figure out?

In all this, Huawei has not stopped adding pressure. Now that we see that less than 24 hours ago we were notified that Huawei has completed the contracts with Msheireb Properties. It seems small and insignificant, but it is not. With a smart experience centre in Qatar, it is my expectations that they are ready to approach and upgrade Al Jazeera to 5G, it is speculative but it will be the first time that Al Jazeera surpasses CNN technology (as well a Fox News), It might not matter to most of us, but to people like Nasser Al-Khelaifi (beIN Media Group) it matters a lot, so when we are informed that Al Jazeera getting ready to offer 5G streaming during the Tokyo 2020 Summer Olympics and Huawei as a Chinese company is mentioned everywhere in Tokyo, you better believe that these two are on top of making this work as fast and as quickly as possible, so when I created my base station IP, I never considered this, but it fits and that is another notch that some miss out on. Half the planet goes nuts for sports on a regular day, how nuts do you think the planet goes when ‘their nation‘ is fighting its fight (against up to 205 other nations) to be the best at the Olympics? When you get to watch that live, streaming it all at 5G, do you really think that people will care who brings it as long as it is true 5G? In several nations the brand jump was huge when 4G became real and some were not up to scrap, I believe that this time around the jump will be close to 300% larger than before, and the Tokyo Olympics will be a clear driver on that part. When 206 nations fight for the laurels (gold medals) every nationally driven sports fan tends to get a little (read: abundantly) nuts, and at present that group of people is well over 3 billion people, all factors some players did not consider when they were playing the short game, Huawei never played the short game, it gives them an advantage in several ways.

That is merely my view on the situation at present.


Leave a comment

Filed under Finance, IT, Media, Science

The next cyber wave

The news is almost two weeks old. There was no real reason to not look at it, I just missed the initial article. It happens! This is also at the heart of the issue on more than one level. Consider the quotes “The first 13-week programme for Cyber London (CyLon) will kick off in April, with a group of startups drawn from industries including defence, retail, telecoms and health services” and “On the one hand, the government is keen to invest in cyber-security startups: witness chancellor George Osborne’s announcement that GCHQ is investing “£3bn over nine years into developing the next stage of national cyber intelligence”“. So is this just about getting your fingers on a slice of this yummy slice of income? You see, this issue skates on problem that I (many others too) saw that Common Cyber Sense existed, but the bulk of companies treated it as an overhyped requirement. Yes, those managers were always so nervous when they got introduced to ‘costs’. I reckon that the Sony hack will remain the driving force for some time, in addition several business units are more and more in need for some better up to data encryption, so this cyber wave is getting some decent visibility. So as we look at the title ‘Cyber London aims to make the UK a launchpad for cyber-security startups‘ (at http://www.theguardian.com/technology/2015/jan/28/cyber-london-accelerator-cyber-security-startups).

There is no denying that the call of 9,000 million is a strong one, especially in this economy. More important, as more companies are gripped by a decent amount of fear regarding their own future, this event will be at the foundation of several longer running projects and corporations. There is of course question on what is real. That question becomes an issue when we see that even now, rumours still emerge on what happened in regards to who did the works on Sony and how it was done, especially in light that the article in Business Insider claims that the hackers still have access. The latter part will be speculated on by me later in this article.

For the most, the next cyber wave is a good thing, especially when thousands of data holders realise that their corporate future depends on keeping these systems decently safe. I use the term decently safe, because ‘complete’ safety is not something that is achievable, not on budget levels that many depend upon. Yes, security can be better and a lot of companies will invest, they will raise the threshold of many companies, yet will they raise it enough? That is at the foundation of what is about to come.

I predict that these startups are all about consultancy and some will offer products, some on safety and some on encryption. Encryption will be the next big thing, the question becomes how will encryption be properly managed? There are plenty of people who enthusiastically encrypt files and after that forget the password. So what then, all data lost? So, you see that clever solutions are needed, which will bring forth a new wave of solutions, new barriers and new bottlenecks. I wonder if these new startup firms have considered a trainings division, not one that is all about ‘their’ solutions and ‘their’ products, but all about raising proper awareness for Common Cyber Sense.

Training that is meant to give long term knowledge to people working at a firm as well as setting a proper initiation of knowledge with these companies, so that a wave of change will not start a rollercoaster of people jumping from firm to firm, a risk many companies will predict to hit them.

Now it is time for some speculation. I have been thinking on how Sony was hit. I came up with a possible idea on New Year’s Eve. When I wrote this part: “In my view of Occam’s razor, the insider part is much more apt”, my mind started to wander on how it was done.

Speculation on the Sony Hack

The inside story is on the hack of Sony, yes, there was a hack at some point, but, in my view, that is not what actually happened. a destruction was started, but that is not what started it, that is how it all ended. When I did my CCNA (2011), I had the initial idea. You see, hacking is about data at rest, so what happens when the hack is done when data is in motion? That part is often not considered, because it seemingly unmanageable, but is it? You see, when you buy the Cisco books on CCNA you get all the wisdom you need, Cisco is truly very thorough. It shows how packages are build, how frames are made and all in great detail. That wisdom can be bought with a mere $110 for two books.  Now we get to the good stuff, how hard is it to reengineer the frames into packages and after that into the actual data? Nearly all details are in these CCNA books. Now, managing hardware is different, you need some decent skills, more than I have, but the foundation of what is needed is all in the Cisco IOS. The hack would need to achieve two things.

  1. The frame that is send needed to be duplicated and ‘stored’.
  2. The ‘stored’ data needs to be transmitted without causing reason to look into spikes.

I think that ‘hackers’ have created a new level (as I mentioned before). I think that Cisco IOS was invisibly patched, patched, so that every package would be stored on the memory card in the router, in addition, the system would be set to move 2% during the day to an alternative location, at night, that percentage would be higher, like 3-5%. So overnight, most of the data would arrive at its secondary location. Normally CCNP technologists with years of experience will look into these matters, now look and investigate how many companies ACTUALLY employ CCNP or CCSI certified people. To do this, you would need one insider, someone in IT, one person to switch the compact flash card, stating 64Mb (if they still have any in existence) and put the sticker on a 512Gb Compact Flash card. Easy peasy! More important, who would ACTUALLY check the memory card for what was on it? The Cisco people will look at the startup file and only that one. The rest is easily hidden, over time the data is transferred, in the worst case, the culprit would only need to restart the routers and all activity would be completely hidden, until the coast is clear, afterwards the memory cards would be switched (if needed) and no trace of what happened would ever be there. What gave me the idea? Well I wondered about something similar, but most importantly, when I did my CCNA, the routers had 64Mb cards, I was amazed, because these suckers are no longer made, go to any shop and I would be surprised if you can even find any compact flash card smaller than 16Gb. Consider a place where Gb’s of data could be hidden under the eyes of everyone, especially as Cisco IOS has never been about file systems.

When the job was finished, the virus could be released damaging whatever they can, when cleanup starts, every aspect would be reset and wiped, whatever the culprit might have forgotten, the cleaning team might wipe.

So this is my speculation on how it was done, more importantly, it gives credibility to the claims that the hacks are still going on and the fact that no one has a clue how data was transferred, consider that this event was brokered over weeks, not in one instance, who else is getting their data syphoned? More importantly have these people involved in this next cyber wave considered this speculated path of transgression? If not, how safe would these systems end up being?

Let’s not forget that this was no easy feat. The system had to be re-programmed to some extent, no matter how enabling Cisco IOS is, this required top notch patches, which means that it required a CCSI or higher to get it done, more important would be the syphoning of the data in such a way that there would be no visible spike waking any eager beaver to prove themselves. That would require spiffy programming. Remember! This is all speculation; there is no evidence that this is what happened.

Yes, it is speculation and it might not be true, but at least I am not pointing the finger at a military force that still does artillery calculations with an abacus (another assumption on my side).

There are a few issues that remain, I think upping corporate awareness of Common Cyber Sense makes all the sense in the world, I reckon that the entire Cyber Security event in London is essential and it is good to have it in the Commonwealth. This industry will be at the foundation of growth when the economy picks up, having the UK play a centre role is good strategy and if it does evolve in the strongest way, a global financial node with improved cyber protection will lead to more business and possible even better business opportunities. This event also gives weight and view to my writing on January 29th and a few other occasions “As small innovators are given space to proceed and as larger players are denied blocking patents to force amalgamation of the true visionary into their moulding process that is the moment when economies will truly move forward. That is how you get forward momentum!“, this is something I have stated on several occasions and I truly believe that this will be the starting pulse to a stronger economy. It seems that the event creators Alex van Someren of Amadeus Capital Partners, Grace Cassy and Jonathan Luff of Epsilon Advisory Partners, and advisors Jon Bradford of startup accelerator TechStars and Eileen Burbridge of venture capital firm Passion Capital are on such a path. No matter how it is started, they are likely to get a first leg up as these startups will truly move forward. As the event stated: ‘No equity taken’, but it seems to me that on the receiving end of implementing working solutions, finder’s fees and linked contracts could be very very profitable and let’s face it, any surfer will tell you that being at the beginning of the wave gives you the best ride of all.

Let’s see what 2015 brings us, startups tend to be not too boring. Not unlike startups, so will be more waves of speculations on how Sony was hacked, the US government will likely continue on how North Korea was involved and at the centre of it all.



Filed under IT, Media, Politics, Science