Tag Archives: WhatsApp

The A-social network

That is a stage, it is a big stage and it does not care whether you live or whether you die. So let’s take this to a new level and start with a question: ‘When did you last cause the death of a person?’ I do not care whether it is your mum, your dad, your partner, your child. When did you cause their death? Too direct? Too Bad!

You see, we think that we are innocent, some are risk programmers into debt insolvency programs, yet there it is not about the people, it is about the business that needs maximisation. We pride ourselves in compartmentalisation, yet in the end the programmer is just as efficient a murderer as the sniper is. When I look through the sight of a .308 rifle, the sight allows me to go for a target 450 metres away, an optimum distance, the silencer will make it silent enough so that anyone more than 4 metres away will not hear a thing and 450 metres away, a person falls to their knees, the chest wound is damaging enough to ensure that the target will be dead on arrival, even if it happens at the entrance of a hospital, for the target it is over. You think this is bad?

The programmer writes the formula that sets a different strain of insolvency. It is a form of credit risk, as such we get “In the first resort, the risk is that of the lender and includes lost principal and interest, disruption to cash flows, and increased collection costs”, as such the credit firms hire programmers that can stretch the case to lower the risk to the lender, set the stage where there is an increased option to pay back at much higher cost. In that same way we see programs and risk assessments being created where the facilitators are not at risk, they are not to blame and they are not to be held accountable. 

So here comes Molly Russell and the BBC gives us ‘Molly Russell social media material ‘too difficult to look at’’, it starts with “The 14-year-old killed herself in 2017 after viewing graphic images of self harm and suicide on the platform”, so what ‘platform’ was that? How much was viewed and what time frame was in play? These are the first questions that rise straight from the bat. It is followed by “A pre-inquest hearing on Friday was told not all the material had been studied yet as it was too difficult for lawyers and police to look at for long”, basically at least two years later lawyers and police are unable to view what a 14 year old did, and this does not give us the hard questions? So whilst the article (optionally unintentionally) hides behind “The inquest will look at how algorithms used by social media giants to keep users on the platform may have contributed to her death”, the basic flaw is at the very basic level. How did this stuff get uploaded, why was it not flagged and how many viewed it, in addition towards the small setting of who was the uploading party? So someone gave a 14 year old the settings and the access to materials that most adults find unwatchable and I think there are bigger questions in play.
It is the line “He added certain parts of the material had been redacted and lawyers and police were trying to find out why”, as I personally see it, redaction happens when you need to hide issues and this becomes an increased issue with “the investigation was seeking the cooperation of Snapchat, WhatsApp, Pinterest, Facebook and Twitter, although until recently only Pinterest had co-operated fully”, as well as “Snapchat could not disclose data without an order from a US court, WhatsApp had deleted Molly’s account and Twitter was reluctant to handover material due to European data protection laws, the hearing was told”, On a personal footnote, Twitter has been on a slippery slope for some time, and the deletion by WhatsApp is one that is cause for additional questions. As I see it, these tech giants will work together to maximise profit, but in this, is the death of a person the danger that they cannot face, or will not face in light of the business setting of profit? Even as I am willing to accept the view of “Coroner Andrew Walker said “some or all” of those social media companies could be named as interested parties in the inquest as they would be “best placed” to give technical information for the case”, are they best placed or are we seeing with this case the setting where Social media is now the clear and present danger to the people for the case of extended profits into the largest margin available?

That is a direction you did not see, is it?

We have never seen social media as a clear and present danger, but in case of Molly Russell that might be exactly what we face and there is every indication that she is not the only case and it is possible that the redactions would optionally show that.

Yet in all this, the origin of the materials and how they were passed through social media remains a much larger issue. I wonder how much the inquest will consider that part. You see, for me, I do not care. I am sorry, the picture of the girl in the BBC article is lovely, she is pretty, but I do not care. It is cold, yet that is what it is. In Yemen well over 100,000 are dead and the world does not seem to care, as such, I need not care about one girl, but the setting, the setting I do care about. It is not for the one case, under 5G when the bulk of the people will get drowned in information and all kinds of movies, one girl will end up being between 8 and 20 people. The setting is larger, 5G will make it so and if you doubt that, feel free to wait and watch the corpses go by.

Suddenly sniping seems such a humanitarian way to pass the time, does it not? 

We need to consider that one process influences another, as such the process is important, just like the processes risk assessors write to lower risk, the stage of what goes one way, also has the ability to go the other way. This translates into ‘What would keep Molly Russell with us?’ Now implies a very different thing, it sets the stage of a lot more. It is not merely who messaged Molly Russell, it becomes what else was sent to Molly Russell on WhatsApp, so suddenly the deletion of her account does not seem that innocent, does it? It goes from bad to worse when you consider on how social media links and how links and usage is transferred. Like footprints the links go from one to the other and no one has a clue? It is in my personal view more likely that they all have a clue and for the most it is extremely profitable, Molly Russell is merely a casual situation of circumstance, so under 5G when it is not 1, but up to 20 times the victims, what will happen then?

I will let you consider that small fact, the setting where your children become the casualty of margins of profit, until death deletes the account, have a great day!

 


Filed under IT, Law, Media, Politics, Science

Some small bits

We all see them, we all face them and even as there is no overwhelming story out there, I think it was time to set up a look at the small bits, the parts I have already given view to and now I am adding to them. 

Huawei

The first part is ‘Huawei row: Trump chief of staff to meet Dominic Cummings‘, here we see another media driven attempt to ban Huawei from the UK, the UK is now as much a bitch as the Australian government. So far the US has not given any evidence that the Huawei hardware can be used to spy on people by the Chinese government, so far the US is not even sending that person with a really bad haircut, so that he could compare barbers with Boris Johnson, no he is sending his acting White House chief of staff, Mick Mulvaney. Even after Richard Grenell gives us “to make clear that any nation who chooses to use an untrustworthy 5G vendor will jeopardize our ability to share intelligence and information at the highest level“, in my response ‘what intelligence?’ at present the CIA is regarded as one of the least trustworthy intelligence providers, we could argue that Facebook has better intelligence than the CIA does (hurts doesn’t it?)

Now, if the US had provided intelligence on Huawei several Cyber experts would nitpick that intel, yet the setting is out there, there is no evidence whatsoever, the US is fearing for its life and its economy. The backdraft is also there, any nation will get an advantage over whatever paperback spinal cord is supporting the US without evidence. All because the US cannot control its national corporations, we all must pay.

We can treat “A group of backbench Conservatives also wants Johnson to commit to remove all Huawei kit from British phone networks over time” with optional disgust as well, even as there is no stage set on ‘over time‘, as I personally see it these acts are profit driven, not national security driven, even as some will make a claim in that direction. 

Jeff Bezos

You know the man, the intelligent man with the really long forehead (read: bald), was hacked, it happened in 2018 and the media keeps on blaming the Crown Prince of Saudi Arabia, yet there is no evidence. In light of all that had happened, the idea that any Crown Prince is THAT hands on with an issue is overlooked on several levels. The FTI report reads like a joke and personally, if Mr. Bezos pays THAT much for what I personally see as trash, then I have optionally 4 IP stages, one unfinished book and over a 1000 articles for same for the mere price of $50,000,000 post taxation (50% for the IP and the rest is a gimmick), you see at least I am willing to say that upfront. In addition, his own paper gives us on January 28th “Indeed, in October 2018, Michael Sanchez and AMI entered into a nondisclosure agreement “concerning certain information, photographs and text messages documenting an affair between Jeff Bezos and Lauren Sanchez,” according to three people who have reviewed the agreement. The existence of the contract was first reported by the New York Times. One of those people also confirmed a Wall Street Journal report that federal prosecutors who are investigating whether the Enquirer tried to extort Bezos have reviewed the text messages that Lauren Sanchez allegedly gave to her brother and that he then provided to the tabloid.” as I personally see it several parties owe Crown Prince Mohammad bin Salman bin Abdulaziz Al Saud a few apologies and all kinds of Saudi catering hoping that it will appease his royal highness. On a personal note, I reckon he will be jealous of my yacht by the CRN ship wharves, so as we see the wealth of Jeff Bezos, he might just want to say ‘Sorry!’ to his royal highness and spend 0.5% of his wealth to appease that rather rich party with a yacht (so that mine will remain optionally safe, when it is completed).

And no matter how it all gets spun, the UN report needs to be nitpicked and rather quickly, too many questions remain and even as we see that a person with knowledge of the investigation who was not authorized to speak publicly about its progress, or as the Washington Post is skating around the trendsetting term ‘anonymous source‘, which would place them on the same scale as the Enquirer, they give us “It’s possible that the Saudis hacked Bezos’s phone and Michael Sanchez independently got the photos from his sister and some people were trying to get paid and some people were trying to get Bezos,” all whilst there is no actual evidence that the hacker was Saudi, I did away with that quite nicely in ‘6 Simple questions‘ (at https://lawlordtobe.com/2020/02/03/6-simple-questions/), whilst the 6th question ‘Why on earth is the UN involved in an alleged Criminal investigation where so much information is missing?‘ was never answered by any media EVER! (OK, as far as I know).

Yet there is a reason why we bring this all, it is seen (at https://www.inc.com/jason-aten/facebook-says-apple-is-to-blame-for-hacking-of-jeff-bezos-phone.html) where we get introduced to ‘Facebook Says Apple Is to Blame for the Hacking of Jeff Bezos’s Phone‘, with the optional part “Nick Clegg, said that the hacking of Jeff Bezos’s phone wasn’t the fault of WhatsApp, pointing instead to the Apple iOS that powers the iPhone X Bezos was using. Or, at least, that’s presumably what he was trying to say, though his answer when asked by the BBC was largely incomprehensible“, as well as “he argued, “It sounds like something on the, you know, what they call the operate, operated on the phone itself.” To be clear, he didn’t specifically mention Apple by name, however it had been previously known that Bezos was using an iPhone X at the time he was hacked“, I find it debatable, but it takes the court away from the Saudi Crown Prince and a few others, if that hack is not one that NSO Group’s Pegasus or Hacking Team’s Galileo uses, then we have a much larger issue, one that is not identified and even as it takes the Saudi players off the board, it does not take the issue away. The NSO group has loudly denied the entire issue and this gives them the option to do that, so far the FTI report is too shabby, it does not seem to warrant or deny the optional allegations. So as we see: “someone actually took advantage of a vulnerability that WhatsApp itself has already acknowledged was an issue and issued a fix. It’s even more confusing that he attempted to pass the blame to Apple“, I personally feel in agreement with the writer, the entire WhatsApp feels like too comfortable a solution, yet that vulnerability was out in the open and there is still no evidence that it was done by Saudi hands, even now, the list of perpetrators is growing, pushing the optionally (and alleged) Saudi players to the bottom of that list.
I would advise Brainy Smurf Jeff Bezos that he pays up as fast as possible (and sizeable) before it becomes a behemoth of an issue that a mere sorry and a box of chocolates will not solve. 

Yemen

You might have heard of that place, apparently there are a few humanitarian issues playing and even as we now see ‘UN Condemns ‘Shocking’ and ‘Terrible’ US-Backed Saudi Coalition Bombing That Killed 31 Yemeni Civilians‘, we are given “Those who continue to sell arms to the warring parties must realize that by supplying weapons for this war, they contribute to making atrocities like today’s all too common“, yet the EU and the US are happy that this all continues. My evidence? Well consider that we see today ‘The EU has agreed to deploy warships to stop the flow of weapons into Libya‘, all whilst a similar action in Yemen would have diminished the dangers over two years ago, so how many ships had the EU to set up a blockade to stop weapons going into Yemen? As far as I can tell, there is an unwritten consensus to give as much freedom to Iran as possible. I gave that part in ‘Media, call it as it is!‘ (at https://lawlordtobe.com/2018/11/03/media-call-it-as-it-is/) almost 18 months ago, so why exactly is Yemen not an issue and Libya is? It is oil and everyone is dancing around the stage hoping for a barrel full of the substance. Yet the Yemeni don’t matter, if you doubt that you merely have to read the articles, all about complaints and condemning, not about action packed events, are they? And in all this Xavier Joubert, director of aid group Save the Children Yemen is equally to blame, does he give the stage in a proper setting? Does he give any information on the actions that Houthi forces have been eager to take forward (including those on children)? Nope! So when we see “after Houthi rebels claimed to have shot down a Saudi Tornado jet Friday in Al-Jawf province“, as well as ““possibility of collateral damage”—a common euphemism for civilian deaths“, yet how many enemy troops were there? that part is not given as it takes the power away from their own story, yet the story they give us is out of whack. 
So whilst people like Lise Grande come up with “it’s a tragedy and it’s unjustified“, all whilst for well over two years a blockade could have optionally limited the damage that could have occurred, yet no one is willing to skate that track, are they?

All whilst we see (at https://www.timesofisrael.com/pompeo-calls-for-action-against-iran-after-us-navy-seizes-weapons-sent-to-yemen/) ‘Pompeo calls for action against Iran after US Navy seizes weapons sent to Yemen‘, a stage that was set this week, we see the laughingly entertaining ‘World’s silence has emboldened Saudi-led war crimes in Yemen: Iran‘, all whilst we see Iranian Foreign Ministry spokesman Abbas Mousavi giving a speech on what he calls War Crimes, at the same stage where they send hundreds of missiles into Yemen, there is only so much hypocrisy I can stomach and Iran is handing us way too much. So whilst the Islamic Republic of Iran continues to defy the UN Security Council, we need to start being honest about the Yemen situation, the EU does not care about Yemen, it has nothing to offer, yet the US has on this occasion stopped one of several Iranian supply ships. I wonder how many were missed, the ongoing war clearly gives rise to the fact that this war will not be over soon and as such more civilians will die, it is the clear consequence of a war.

These are three of the small bits that I am adding today, there have been a whole range of issues I touched on in the last few days, yet these small bits are important parts to other information I gave out. 

Have a great day, see you all tomorrow

 


Filed under Finance, IT, Media, Military, Politics

The hack game continues

The press continues to assault Mohammad Bin Salman and Saudi Arabia, the same press that has ignored hostile acts by Iran, the same press who have knowingly and from my point of view ignored (read: and downplayed) several issues in Yemen caused by Hezbollah. 

So as I got to see (at https://www.theguardian.com/technology/video/2020/jan/22/jeff-bezos-phone-hacked-allegation-saudi-crown-prince-video-explainer) the video that was placed two weeks ago, in light of what I wrote yesterday. I thought that the video gives light to several questions that link to this. It is also important, because it shows a global FAILING of cyber security, not by the hairless man (Jeff Bezos) by the way, who in this is basically a consumer (one with deep pockets that is).

The video starts off with Stephanie Kirchgaessner, where she says (at 00:14) ‘who is somehow personally involved‘ (1). Then we get (at 00:32) ‘according to his own security team victim of some sort of hack by Saudi Arabia‘ (2) we get more accusations, but with the word ‘allegation’, as such she is in the clear. After that we get a clip from CBS This morning (at 1:08) with a followup and direct accusation towards the WhatsApp account ‘from the account of the Crown Prince of Saudi Arabia‘ (3), even as I am tempted to ignore ‘We can’t know what was going on in the mind of Mohammad Bin Salman‘ (at 1:55) (4)

After that there is a reference to ‘the experts that she spoke to‘ (at 2:12) and they point to the fact that he is the owner of the Washington Post, not the owner of Amazon or merely a rich dude. ‘It was an attack on the Press‘ is what seemingly comes out of this. 

We get a few more events, but nothing that is too interesting, not in this view.

Personally I actually do not care about Bezos and his needs, I do not give a hoot about a few items, and my personal view is that any person is innocent until PROVEN guilty and the attacks on Saudi Arabia as well as the Crown Prince are offensive to me as we should know and act better.

So as we get to the stage of the why, we need to see the stage we are entering. This is not (merely) a Criminal situation, this is a cyber ploy and that is where the focus is, I have written more than enough about the joke that is the FTI Consulting report, but in the end it is linked to all this. 

  1. Who is somehow personally involved

How? I am not referring to item 3, there is a larger stage here. The alleged infecting file was received on May 1st 2018. In this I am using alleged as the investigation did not start until February 2019. However, the FTI Consulting report on page 12, item 22 gives us that hours after the reception of a file resulting in egress data in excess of 29,000%. I do not question that, I do not question that Bezos got hacked. 

Why am I opposing here?

As I stated in ‘6 simple questions‘ (at https://lawlordtobe.com/2020/02/03/6-simple-questions/) yesterday. Other experts give us “Check Point Research, however, recently unveiled new vulnerabilities in the popular messaging application that could allow threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers immense power to create and spread misinformation from what appear to be trusted sources.” This is important when we consider ‘allow threat actors to intercept‘ as well as ‘spread misinformation from what appear to be trusted sources‘ as such Check Point Research gives us that false information could be sent to a person from anyone claiming to be anyone else. The source of the infection cannot be verified in this. That is an important fact, one that was out in the open and FTI Consulting never went there.

  2. According to his own security team victim of some sort of hack by Saudi Arabia

So his security team are cyber experts? And they know somehow that Saudi Arabia did the attack? Based on what evidence? I showed in the previous point that this is optionally not the case and the FTI Consulting report is nothing short of a joke (as I personally see it), there is no path to where the data is going, there is no evidence on where the infection came from. 

  3. from the account of the Crown Prince of Saudi Arabia

Here is the larger issue and even as I debunked it in point one, we must not ignore this, there is one path that is not investigated and not one that can no longer be investigated. The mobile of the Crown Prince might be infected itself. My point one avoids it, but we cannot ignore it. The chances of Saudi Arabia or its officials in light of the attacks cooperating is close to zero and as such this point will remain on the books. From my point of view gathering intel and evidence before shouting foul would have been a much better approach and why the UN gets involved in this is still open to debate on a few sides. 

  4. We can’t know what was going on in the mind of Mohammad Bin Salman

In this we can speculate and debate until we are blue in the face, but the truth is that all this started 2 years ago and the evidence is largely missing, more important, whomever was involved has removed whatever sides they needed to and as such the actual guilty party will never be found. Yet the foundation of the accusation is larger.

He was being attacked by the press and we seemingly forget that the infection started BEFORE someone seemingly ended the life of some columnist named Jamal Khashoggi, as such we can argue that there was no attack on the Washington Post. To be more honest, at the time of the infection Jamal Khashoggi was some columnist most people on the planet had never heard of (apart from the Washington Post readers) 

Yet when we look at the Vice article (at https://www.vice.com/en_us/article/v74v34/saudi-arabia-hacked-jeff-bezos-phone-technical-report), there we see that former FBI investigator Anthony J Ferrante gets into the fight and the report gives us ““to assess Bezos’ phone was compromised via tools procured by Saud al Qahtani,” the report states“, it is an interesting plot, especially when we consider another Vice article (at https://www.vice.com/en_us/article/8xvzyp/hacking-team-investor-saudi-arabia) where we saw “Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see“, so let’s put this in the right frame, Anthony J Ferrante is going out to prove that a tool procured by Saud al Qahtani, and as far as we can speculate is in the possession of thousands of hackers through ‘spyware source code leaked online for anyone to see‘ is the guilty perpetrator. How is that ever going to work?

Well that is optionally still the case if we can examine the source of the problem, and that is basically already debunked by Alex Stamos, the former chief information security officer at Facebook who gave us “Lots of odd circumstantial evidence, for sure, but no smoking gun“, in this I also got to “several high-profile and respected researchers, highlights the limits of a report produced by FTI Consulting, the company Bezos hired to investigate the matter“, as well as “A key shortcoming of the analysis, Edwards said, was that it relied on a restricted set of content obtained from Bezos’s iTunes backup. A deeper analysis, she said, would have collected detailed records from the iPhone’s underlying operating and file systems. Other security experts characterized the evidence in the report as inconclusive“, and “a research group at the University of Toronto, offered a suggestion that could allow investigators to gain access to encrypted information that FTI said it could not unlock” (source: CNN), we see a whole range of experts giving out claims towards non-conclusivity, lack of expertise and optionally students in Toronto giving out solutions to a situation that FTI said it could not unlock. 

These are all matters that played out over time, some before the video report and it seems to me that the press is bashing with smoke signals as loud as possible hoping someone will scream ‘fire!‘. That is my view on the matter!

Now, all what I see and expose does not make any party innocent, it merely shows that there is no evidence to call anyone guilty on and that is what matters, because we want to turn this into an event where a person needs to prove that they are innocent, we must prove that anyone is guilty. In some cases beyond all reasonable doubt and in some cases on the setting of probability of guilt set against the average man. The entire cyber event fails on both terms and that is not merely me, and when we see ‘Other security experts characterized the evidence in the report as inconclusive‘ we need to realise that (apart from) FTI Consulting did a piss poor job in this case, the finding of actual and factual evidence is a lot harder in this day and age. The WhatsApp vulnerability showed that there is a larger problem and when we cannot determine the origin of any hack or virus, we are in for a much larger problem and this is happening before 5G is fully rolled out. That nightmare was brought nicely by Kenneth White, former advisor to DHS with “it can be extremely challenging to reconstruct the activities of a determined, well-resourced hacker“, this is what the Jeff Bezos team faced and from my view, they went about it the wrong way. Their report was never ready for release and the fact that basic parts were missed gives out a much larger problem, if billionaires rely on someone like FTI Consulting and this report is the standard, then the entire cyber setting in the United States could be regarded as a larger problem from beginning to end.

In this there is one highlight that Vice gave us that matters here, it is “The second obstacle regarded the password for the iTunes backup“, and “They apparently never obtained the password” that makes no sense, because the owner should have his backup, so unless Jeff was hit by the ID10T virus, we see a failing on more than one level and as such at what stage, in light of EVERYTHING out there in 2018 why was Crown Prince Mohammed bin Salman ever accused?

That is what angers me, not who was accused, but that an accusation came whilst there was a whole truckload of information out there making it a bad choice from beginning to end, so was the Washington Post owner hacked, or was the hack a way for the Washington Post to strike out to someone? That is the larger game that is now in the court of perception, a massive failing of properly assessing pieces of evidence by the media (and the UN). 

 


Filed under IT, Media, Politics

6 simple questions

I have written about it before, yet the article last Friday forces me to take more than another look, it forces me to ask questions out loud, questions that should have been investigated as this case has been running for two years, let’s not forget the hairy Amazon owner had his smartphone allegedly hacked in 2018.

My article ‘The incompetent view‘ (at https://lawlordtobe.com/2020/01/28/the-incompetent-view/) was written on January 28th. I kept it alone for the longest of times, yet the accusations against Saudi Arabia, especially as that French Calamari UN-Essay writer is again involved forced my hand and the article last Friday gives me the option to lash out and ask certain questions that the investigation optionally cannot answer, as such two years by these so called experts should be seen as 2 years by whatever they are, but I have doubt that expertise was part of the equation.

As such we begin with the Guardian (at https://www.theguardian.com/technology/2020/jan/31/jeff-bezos-met-fbi-investigators-in-2019-over-alleged-saudi-hack), here we see the following

“NSO said: “we have not been contacted by any US law enforcement agencies at all about any such matters and have no knowledge or awareness of any investigative actions. Therefore, we cannot comment further.””, which is a response towards the FBI who had been investigating NSO since 2017, which is based on the setting of “officials were seeking information about whether the company had received any of the code it needed to infect smartphones from US hackers”

Yet it is the quote “Two independent investigators at the United Nations, Agnes Callamard and David Kaye, revealed last week that they have launched their own inquiry into allegations that Bezos’s phone was hacked on 1 May 2018 after he apparently received a video file from a WhatsApp account belonging to Mohammed bin Salman, the Saudi crown prince“, in this, can anyone explain to me why the UN is involved? I do not care how wealthy Jeff Bezos is and this has nothing to do with the Washington Post, either way this would be an initial criminal investigation, optionally running through the FBI.

  1. Why is the UN involved?

In defence we must observe “WhatsApp has said it believed NSO has violated criminal laws, including the Computer Fraud and Abuse Act, a federal law that is used to prosecute hackers. WhatsApp has claimed 1,400 users were hacked using NSO technology over a two-week period in April-May last year, after NSO was allegedly able to exploit a WhatsApp vulnerability that was later fixed”

And again, we see that NSO technology is involved, yet FTI Consulting makes no mention of that part of the equation, more important whether the same attack was used, and in light of all this, we might see ‘NSO was allegedly able to exploit a WhatsApp vulnerability that was later fixed‘, yet when exactly was it fixed? That too is part of the equation.

When we look at the FTI report, other issues become surface materials. Like the quote “The phone maintained an unusually high average of 101MB of egress data per day for months thereafter, including many massive and highly atypical spikes of egress data. Forensic artifacts demonstrated that this unauthorized data was transmitted from Bezos’ phone via the cellular network.” What data was sent exactly? The report gives us: “they provide the ability to exfiltrate vast amounts of data including photos, videos, messages, and other private or sensitive files. It should be noted that spikes resembling these might occur legitimately if a user enabled iCloud backup over cellular data service. Bezos, however, had iCloud backups disabled on his device. Other legitimate causes of spikes in egress data could be if a user willingly uploaded or transmitted large amounts of data via a chat or messaging app, email client, or cloud storage service, but none of these activities were corroborated by GDBA or Bezos.”

As such, as FTI Consulting gives us “Advanced mobile spyware, such as NSO Group’s Pegasus or Hacking Team’s Galileo, can hook into legitimate applications and processes on a compromised device as a way to bypass detection and obfuscate activity in order to ultimately intercept and exfiltrate data. The success of techniques such as these is a very likely explanation for the various spikes in traffic originating from Bezos’ device.” Yet is that what happened? Let’s not forget that the FTI Consulting report on page 16 states “The following investigative steps are currently pending. 1. Intercept and analyze live cellular data from Bezos’ iPhone X”, as well as “2. Jailbreak Bezos’ iPhone and perform a forensic examination of the root file system.” steps that are seemingly incomplete and optionally not done at all, as such how did anyone in Saudi Arabia get fingered as the guilty party? It could be the German Cracking Service for all we know stating to Jeff Bezos ‘Copy me, I want to travel‘.

  2. Where is the evidence on the hack and the destination of the hacked data?

There are two parts in this, as I explained earlier, Vice.com gave an earlier consideration with “Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see” yet the stage that we see here, is merely a footnote in the FTI Consulting report and is given no weight at all.

This leads to the question 

  3. How was the phone of Jeff Bezos infected and where is that evidence?

This could lead to 3a. Who actually infected the iPhone of Jeff Bezos?

Which leads to the last part of last Friday’s article and perhaps the biggest smear of all time “New revelations about the alleged hacking of Bezos’s phone have caught the attention of a handful of politicians in Washington who have sought more information about the alleged hack, including whether there was any evidence that Saudi Arabia had infected phones of any members of the Trump administration.” and because of this (as well as more) we get to:

  4. What exactly are the new revelations, as the FTI Consulting report is incomplete.
  5. Where is the evidence that Saudi Arabia infected ANY phones?

You see, someone infecting another person by claiming that they are someone they are not is at the core of this, as such any person in the room could have infected Jeff Bezos’s phone and optionally other phones too. Claiming to be MBS and being MBS are two separate parts. 

In this it was CNN who gave us “The report’s limited results are a reminder that it can be extremely challenging to reconstruct the activities of a determined, well-resourced hacker” and if that is the setting, we again get to the stage where we cannot tell who infected the system of Jeff Bezos in the first place. As such Kenneth White (formerly with DHS) as well as Chris Vickery (Director UpGuard) who gives us “other evidence provided by FTI increased his confidence that Bezos was being digitally surveilled”, we do not question that, we merely question the lack of evidence that points to Saudi Arabia as a perpetrator, basically the guilty party is not seen, because no evidence leading there is given, the fact that essential tests have not been done is further evidence still of the absence of any guilty party.

As that stands I merely end with the question:

  6. Why on earth is the UN involved in an alleged Criminal investigation where so much information is missing?

When we realise the small line in the Guardian “An analysis of the alleged hack that was commissioned by the Amazon founder has not concluded what kind of spyware was used” we are given a much larger consideration, if the spyware used is unknown, how can the data spy be seen? This gets an even larger mark towards the question when we consider “Check Point Research, however, recently unveiled new vulnerabilities in the popular messaging application that could allow threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers immense power to create and spread misinformation from what appear to be trusted sources.” (at https://research.checkpoint.com/2018/fakesapp-a-vulnerability-in-whatsapp/), and another source (at https://www.bleepingcomputer.com/news/security/whatsapp-vulnerability-allows-attackers-to-alter-messages-in-chats/) gives almost the same information and also has the text “Using these techniques, attackers can manipulate conversations and group messages in order to change evidence and spread fake news and misinformation“, the FTI Consulting report gives us nothing of that, and as it does not set the stage of disabling that these were options that were disregarded, we see that this mobile situation might not now or not ever see the light of day with an actual reference to an attacker that will hold water in any court. 

As such the UN will have a lot to explain soon enough, I got there through 6 simple questions, 6 questions that anyone with an application of common sense could have gotten to, I wonder why the UN did not get there, I wonder why FTI Consulting handed over a report that was failing to this degree.

 


Evidence? Why?

I ignored the news initially, as I saw it, it was nothing more than some bash piece on Saudi Arabia. Yet something hit me, it was just a thought and it was: ‘What if I illuminate parts and let common sense people decide’ (which takes out many journalists and mostly all politicians). As for me? The issue is that the media is all about bashing any royal part of Saudi Arabia, all whilst ignoring evidence (and debatable evidence to a much greater degree), their pursuit of circulation and agreeing to the beat of shareholders and stakeholders has gone to the heads of too many editors and I get a real rush to illuminate this part.

I have never ignored evidence, yet just like with Huawei, it is seemingly all about the big bully shouting, whilst the deciding world for the most ignores evidence and I think that it is a weird situation. Not merely in this blog, but on a few matters, we will get to hold them to account in a few years, at that point these people will make hastily formulated excuses whilst running to their mummies to get breastfeeding (I reckon).

So, let’s begin. In the first we have ‘How the UN unearthed a possible Saudi Arabian link to Jeff Bezos hack’ (the Guardian at https://www.theguardian.com/technology/2020/jan/22/how-the-un-unearthed-a-possible-saudi-arabian-link-to-jeff-bezos-hack) as well as ‘Did Saudi Arabia’s crown prince hack the Amazon king?’ (the Economist at https://www.economist.com/middle-east-and-africa/2020/01/25/did-saudi-arabias-crown-prince-hack-the-amazon-king), a nice side effect is that the Economist, is viewed and acted on on the 24th of January, whilst the article states that it is the Jan 25th 2020 edition, but enough about that. Let’s start with the Guardian who tells us “The UN’s demand for law enforcement authorities to conduct a proper investigation into the alleged hacking of Jeff Bezos’s mobile phone came after it reviewed the findings of a cybersecurity firm, FTI”, we might not see anything here, yet the UN, who is underfunded and strained has time for this? Is this another US Essay like the one by some French girl on the killing of Jamal Khashoggi? And what about ‘after it reviewed the findings of a cybersecurity firm, FTI’? This implies that the United Nations called for the inspection, notified a cyber security firm (FTI) and investigated the phone of some so called billionaire (postage and shipping required). So why exactly is this not with the police or an official investigative body like the FBI Cyber division?

Following this we get the real beef with “concluded with “medium to high confidence” that it had been compromised because of actions attributable to a WhatsApp account used by the Saudi crown prince, Mohammed bin Salman”, first of all, if I want to investigate the corruption at an army base, I will not go in as the lawlordtobe, I would enter the situation as some poor schmuck who is from the city of Noonecares. It is almost like an assassination and the official in question uses his own service revolver instead of someone else’s. And what goes with ‘medium to high confidence’, what evidence was uncovered? Then we get the part where it all falls to shambles. With “The UN was careful not to be definitive. Instead of pointing the finger, its statement said the apparent hack had been achieved using software “such as NSO Group’s Pegasus or, less likely, Hacking Team’s Galileo, that can hook into legitimate applications to bypass detection and obfuscate activity””, just like the Khashoggi essay fiasco, the UN is all about being not definitive, as such we want to know how accusations can be made when you are not definitive. As such I would like to point the UN troll to a kids game called Clue, there in that game (for ages 8+) we are introduced to the concept of evidence, where you need to collect facts and state “I am accusing Colonel Mustard who killed Dr. Black (aka Mr. Boddy) in the Kitchen using the lead pipe” and then we look at the evidence and see if the claimant had his or her facts straight. None of that CIA BS where we see ‘medium to high confidence’, I would offer that if the confidence is already medium, what was not looked at and what was discarded. The statement comes directly before “The NSO Group, an Israeli cyber-surveillance firm, strongly denied that its surveillance tools were responsible”, as such we are left with ‘less likely, Hacking Team’s Galileo’.
So there is a mountain of doubt on an article that throws the Crown Prince of Saudi Arabia in a bad light and there is seemingly an increasing lack of evidence. As we go on, we see the NSO giving the statement that offers direct opposition to some firm called FTI with “These types of abuses of surveillance systems blacken the eye of the cyber-intelligence community and put a strain on the ability to use legitimate tools to fight serious crime and terror. We expect that all actors in this arena put in place stringent procedures and technological controls, such as those that we have put in place, to assure that their systems are not used in an abusive manner”, as such there are larger questions not merely on the UN for setting the stage of something that is not on their plate, they apparently went to another small operation (who knows) and let them set up the stage of doubtful and debatable documentation, doubtful as we get one of the implied companies go directly into denial and setting a document based on evidence that is regarded as ‘medium to high confidence’.

And then something beautiful happens. We see “The FTI report cited by the UN special rapporteurs, Agnes Callamard and David Kaye, noted that both NSO and Hacking Team, an Italian company, offered tools that could theoretically have performed the attack” where we are (again) introduced to that UN essay writer, the one that had given us the joke called some Khashoggi report (Agnes Callamard), as well hiding behind ‘tools that could theoretically have performed the attack‘, the idea that this joke from a building based at 760 United Nations Plaza, Manhattan, New York City, New York 10017 and hide behind the word ‘theoretically‘, as such pardon my French (oh, that was funny!) but how the fuck does she still have a job?

For several reasons I will not use the Economist (as I am not a subscriber), but the quotes in their magazine “which was soon used to steal large amounts of data—though the UN did not say exactly what, or how it was used” as well as “It called for an “immediate investigation”. The Saudi embassy in Washington, DC, said the accusations were “absurd”.”

As I see it, the UN is nothing more than an advertising paper tiger, adhering to the commands of some stakeholder (identity unknown), if this was a direct action by the UN, those people need to be investigated immediately, I feel decently certain I will get both China and Russia to sign off on this, as this has the distinct smell that comes from neither region, so they would score a win, in addition to that, the UN would have to submit data as to what exactly was taken and how it could be identified, which is also an issue that is unclear and optionally unclear to the UN people involved. 

The Verge had a lot more, they had (at https://www.theverge.com/2020/1/23/21078828/report-saudi-arabia-hack-jeff-bezos-phone-fti-consulting) the actual report, and there on page one we see the person we need to hackle for information, it is Anthony J. Ferrante who needs to give us the names of who this so called ‘Confidential Report’ was given to, because it seems that it was leaked. And there we see the originator (vice.com) giving us “The report, obtained by Motherboard, indicates that investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that “appears to be an Arabic language promotional film about telecommunications.””, however, this is not the end. They also give us “Investigators determined the video or downloader were suspicious only because Bezos’ phone subsequently began transmitting large amounts of data. “[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos’ phone began, continuing and escalating for months thereafter,” the report states”. In this I state OK, let’s take an actual look.

And they do give us more, quotes like “The digital forensic results, combined with a larger investigation, interviews, research, and expert intelligence information, led the investigators “to assess Bezos’ phone was compromised via tools procured by Saud al Qahtani,” the report states“, as well as “A mobile forensic expert told Motherboard that the investigation as depicted in the report is significantly incomplete and would only have provided the investigators with about 50 percent of what they needed, especially if this is a nation-state attack“, ““They would need to use a tool like Graykey or Cellebrite Premium or do a jailbreak to get a look at the full file system. That’s where that state-sponsored malware is going to be found. Good state-sponsored malware should never show up in a backup,” said Sarah Edwards, an author and teacher of mobile forensics for the SANS Institute“, and “The investigators do note on the last page of their report that they need to jailbreak Bezos’s phone to examine the root file system. Edwards said this would indeed get them everything they would need to search for persistent spyware like the kind created and sold by the NSO Group. But the report doesn’t indicate if that did get done.“, which is as I personally see it the shallow political BS that some people go for. As such we see in the report “The following investigative steps are currently pending“, and more profound, on page 4 we see: “On May 1st, 2018, Bezos received a text from the WhatsApp account used by MBS“, my issue here is that this might have been the infected one, yet if I did that, I would use an originator that was real. 
And there we have it, the Daily Mail gave us ‘New bug allows hackers to send fake messages pretending to be you – and there’s nothing you can do to stop them’ (at https://www.dailymail.co.uk/sciencetech/article-6039533/WhatsApp-users-beware-Hackers-send-fake-messages-pretending-you.html) with the additional text: “First discovered by Israeli cybersecurity group CheckPoint Research, the flaw is incredibly complex and involves a gap within the app’s encryption algorithms. Writing on their website, the team said the vulnerability could make it possible for a hacker ‘to intercept and manipulate messages sent by those in a group or private conversation’ as well as ‘create and spread misinformation’. Hackers could use the bug to alter the text sent in someone else’s reply to a group chat, essentially ‘putting words in their mouth’, the group said.”

It took me 5 minutes and Google search to find this. I am not stating that this is true and that the Daily Mail is the source to use (they often are not), yet this is a larger failing, I expected this from the very beginning, the origins of the setting was not properly investigated. Then Vice.com gave us “the report is significantly incomplete and would only have provided the investigators with about 50 percent of what they needed“, which is what I expected before I read one word of the accusation, and with US Essay writer Callamard involved (yes again it is her) we see what this is, another mindless attack on a nation and one person. They did not even bother getting him properly smeared, and no one is asking questions, I reckon that the involved stakeholders are likely to go for the, if we create enough barbeques, someone will shout fire: ‘I ran’ for office! Anyone?

What is the most irritating part is that the UN is again used as the cheap tool that they are. In this there is also the involvement of the FTI and more interesting that a Cyber Security firm did not look past the simplest trappings, as we consider the optional involvement of Anthony J. Ferrante we need to consider sending quota to all 49 of the Global 100 companies that are FTI clients. Even if it was merely to make a few people sweat. When a non Cyber adept like me can see through this part they have a clear problem and whether Anony Mouse Bezos was part of this or not will not matter. There is one other part in the report that should be considered. On page 2 we see “More significantly, al Qahtani is known to have played a key and senior role in the killing of Washington Post columnist Jamal Khashoggi.” In the first, he was acquitted (in a Saudi trial) and there has been no other trials, as such the statement should be read as false, no clear evidence was ever presented. In the second, as this is part of the executive summary, it seems that this was a way to blatantly strike out against one individual and the evidence is not corroborating any of this, too many questions are left unanswered and the media is not asking them either, as such I wonder what is to be believed, especially in light of the Daily Mail ‘revelation’ last August, which implies long in advance of this report. The fact that this (optional) fact is ignored gives out a much larger issue, the work is incomplete, debatable and political, not factual, as such sending serious cyber letters to the 49 of the Global 100 companies that are FTI clients, as I personally see it, these players are all about facts and when their provider can be painted as open for considerations, we should entertain all kinds of questions.

I would also look at the footnotes and take a larger look at that descriptive part, I wonder what is left once I have had the chance to take a red pencil through this report. Now, I am not stating that Crown Prince of Saudi Arabia Mohammad Bin Salman Al Saud is innocent, I am merely considering that his evidence is so shallow, that I would never accuse him of anything, not before a lot more work was done (and a lot more footnotes were properly weighed), in this consider on page 3 footnote 8. When we go there, we see that the article is by Lorenzo Franceschi-Bicchierai, a member of Motherboard (so why is there no Motherboard article that is the source), we see “An investor from Saudi Arabia is apparently behind a company that bought a stake in the controversial spyware vendor” where ‘apparently’ is the operative word. It is also where we see: “Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see”, were all these customers on a secret list investigated? There is also ‘spyware source code leaked online for anyone to see’, a small fact that is apparently not investigated, additional players all optionally ready to give someone called Bezos the time of his on-line life. Then we get “this apparent recovery is in part thanks to the new investor, who appears to be from Saudi Arabia”, a line ruled by, you guessed it ‘apparent’ and ‘who appears’, so much filtering and doubt, and in this FTI used that as a footnote source? A program co-owned for 80% by none other than David Vincenzetti. That does NOT make HIM a guilty party and neither is there any convincing evidence of any kind towards the Crown Prince of Saudi Arabia Mohammad Bin Salman Al Saud.

When I see all this I wonder if the UN (or FTI) has any clue how much we should regard them as tools. I cannot tell at present what kind of tools they are, but my personal view is that if this is the debatable level of evidence that some employ, we all are in so much more trouble than we ever thought.

 


Two unrelated issues

OK, today is not the day to piss off Alexander Bortnikov, I wanted to do that just to celebrate his 11th anniversary of him being the Director of the FSB, as such my sense of humour demands that I would put a whoopee cushion on his car seat, alas, I could not get close, someone decided to try a novel approach to the concept of Suicide by Cop (at https://www.theguardian.com/world/2019/dec/19/moscow-shooting-russia-people-shot-dead-intelligence-agency), instead of pushing the buttons of a militia officer, we see the apparent acts of a looney tunes person who decided to fire on the reception of Federal Security Service, that is an act that will get you killed and he did. Now, let’s be clear, there is a reason to bring this up. You see there is one building in Moscow (basically in the entire CCCP), where the most vile, the most feared and the most despicable member of any Russian criminal organisation takes a detour, it is the Lubyanka building, the headquarters of the FSB in Moscow. Consider some Bratva captain, 120 Kg of muscles, fearless and life ignoring person ends up shaking and like a little girl that is crying, the cause would be one building in Russia that does that. So when a person comes around shooting at its reception, I tend to call that a novel way to invite Suicide by Cop and I cannot fathom the desperation from life that a person has to pull that off (there are 999 other ways to go with 99.99999% certainty and most of them are 100% less painful and scary), optionally as distractions go, it is perhaps the worst one yet.

Oh, and there is not some special required form of data intelligence required, we could argue that the fear for that building is handed to any Russian citizen when they start school, so for the life of me I can not figure out why someone would be this stupid, it is like grabbing a bucket of water from the Volga in Saratov and personally dumping the bucket in the Caspian Sea, not only meaningless, but you end up being alive at the end of that journey, attacking the FSB building with anything less than an entire army and your chances to survive become a whole lot less certain. Yet in all that, the fact that the attack made several newsgroups is important, you see, the news never sleeps, yet they do get to filter what we hear.

From the Israeli news desk

The Guardian (at https://www.theguardian.com/world/2019/dec/19/israeli-spyware-allegedly-used-to-target-pakistani-officials-phones) (as well as Israeli Newspapers) give us ‘Israeli spyware allegedly used to target Pakistani officials’ phones’, with the byline ‘NSO Group malware may have been used to access WhatsApp messages for ‘state-on-state’ espionage’, news that made a lot less newspapers on a global scale, is that not weird? Now, I am not stating whether there is validity, I am not stating on behalf of the NSO Group that it is false, yet this private firm founded by Niv Carmi, Omri Lavie and Shalev Hulio is showing to be an expert company in acquiring information. The papers need to guard their words and I get that, yet when we see anonymous sources and “those who could have been compromised” I feel like I am in a play that I have seen before. The more important part is “All the suspected intrusions exploited a vulnerability in WhatsApp software that potentially allowed the users of the malware to access messages and data on the targets’ phones”, yet it seems that there is not really that much taste for the weakness of the makers, is there?

When get the optional state where we see “The lawsuit claimed intended targets included “attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials”” and in that state I would make the demand ‘can we see those names please?‘ Yet it is a personal demand that will not be answered, there is too much doubt on the who did what and who wanted to know. I have a little more faith in “NSO has said it will vigorously contest the claim and has insisted that its technology is only used by law enforcement agencies around the world to snare criminals, terrorists and paedophiles“, you see that is a business approach to intelligence that brings money on the table and Yes, there is a chance that someone wanted to know more about certain Pakistani, yet that list given by Facebook is just a little too weird, yet the names might brighten up the need for it, and as we are treated to “The alleged targeting of Pakistani officials gives a first insight into how NSO’s signature “Pegasus” spyware could have been used for “state-on-state” espionage“, it is the difference of stance, the state of ‘alleged‘ that brings the doubt. In the article I do not disagree with “This kind of spyware is marketed as designed for criminal investigations. But the open secret is that it also winds up being used for political surveillance and government-on-government spying” for that we need to say that John Scott-Railton is seemingly completely correct, yet in all this, we see and identify a timeline and it becomes more and more apparent that not only did other interest groups (CIA, FBI, MI-5, MI-6, DGSE, et al) need this weakness, we see a longer timeline and we wonder what WhatsApp and Facebook have done about it so far. More important, why would any official use something like WhatsApp? I mean for private use, yes, yet for their business phone? 
It is the application of Common Cyber Sense that is lacking here and to give all that data to Facebook (WhatsApp) is calling some parts into question. CBS News gave the people in 2018 ‘WhatsApp co-founder: “I sold my users’ privacy” to Facebook‘, I get it! Cambridge Analytica changed a lot, but so it would have changed a lot for state players, as such the act of pushing for WhatsApp in government and secure conversations, it does not make sense. CBS also gave us in 2018 “U.S. intelligence agencies have said that Russian actors used Facebook and Instagram to wage a campaign of disinformation in the election” and if WhatsApp and Facebook are owned by the same person we see the even larger lack of Common Cyber Sense. WhatsApp has been the name in Scandals in 2017 and 2018 as well, so when the needed question ‘Why is a state player using WhatsApp in the age of Common Cyber Sense?‘ comes out, we see that the bulk of people, hacktivists and journalists have not asked this question, just like the weird part where we all look at the attack on Lubyanka, and no one looks beyond a certain point. 

This view does not exonerate the NSO group, yet it is asking larger questions that take the group out of the field of vision and looks at the larger issues. More important the claim “While it is not clear who wanted to target Pakistani government officials, the details are likely to fuel speculation that India could have been using NSO technology for domestic and international surveillance”, you see pointing at their natural enemy is fun, however the fact that most European intelligence groups want to know about scores of Pakistani is also left off the table, in light of Pakistan and its Middle East connections, so are Israel and America, especially as America is losing foothold in the Middle East, finding any Russian link to any Pakistani would be worth a lot to them, they lack all plenty of resources there.

You see, there is all the need for action when we see “The government of the Indian prime minister, Narendra Modi, is facing questions from human rights activists about whether it has bought NSO technology after it emerged that 121 WhatsApp users in India were allegedly targeted earlier this year” however everyone is overlooking ‘121’ as a number. There are 400 million WhatsApp users in India, nobody would get to the 121 users in such a short time, the absence of ‘alleged’ and optionally ‘so far 121 alleged users have been found’ is a much larger issue than anyone realises. The fact that there are more questions popping up regarding the alleged NSO software is also overlooked. There is a much larger play in the field and it seems that certain people do not look towards certain players and the absence of Common Cyber Sense is just overwhelmingly staggering. It is almost like you are tired of life and decide to attack FSB headquarters with a gun.

Yet in all this, the amount of users in Pakistan is also the part we need to look at, you cannot merely check in seconds, this is not an on the fly solution, so there are all kinds of questions, especially with 1.5 billion users of that app, we see a lack of thoughts, questions and especially software engineers treating the software weakness and this has been going on for quite some time. The fact that the larger collection of media is not getting to this question is just allegedly largely insane.

So as we consider “users in India were allegedly targeted earlier this year” we need to ask, how long until this glitch is fixed? The fact that certain glitches have been there since 2017 is a much larger concern, but the media does not stop at this point, does it? I reckon they are taking their time looking at the one suicidal person pointlessly attacking Lubyanka.

Two issues that might seem unrelated (and they are not), yet it tells a lot more about the media and state players than you should be comfortable with, feel free to WhatsApp that question to others, the state players will get to it eventually.

 


The side no one seriously looks at

There was an issue, the Guardian voiced it less than three hours ago as: ‘WhatsApp ‘hack’ is serious rights violation, say alleged victims’, yet in all this, in all the banter, in all the accusations, the one side not heard is the one not mentioned in any newspaper, why is that? (the article is at https://www.theguardian.com/technology/2019/nov/01/whatsapp-hack-is-serious-rights-violation-say-alleged-victims)

We all see: “More than a dozen pro-democracy activists, journalists and academics have spoken out after WhatsApp privately warned them they had allegedly been the victims of cyber-attacks designed to secretly infiltrate their mobile phones“, in equal measure we see “malware sold by NSO Group, an Israeli cyber weapons company” yet no one discusses the main frame of the mind. No one discusses the fact that WhatsApp got hacked, the fact that a software solution found the software hackable.

We see Facebook, WhatsApp, Pinterest, Twitter and no one makes a larger leap on the How. How are these solutions so hackable? There is one voice in the article giving us “One referred to Facebook as “the world’s greatest privacy violator”” At this point you might think that it is merely a way to look at someone else, but it is not. These software vendors are all about sellable and resalable technologies, so they want to make a deal with large corporations who can mine that data to their heart’s content, the problem is how to do it without the overbearing amount of oversight, neither side wants that, it would result in uneasy questions and questions that have answers that a lot of people would not want to work on until forced.

And how do you think that NSO technology, a company etched in cyber intelligence and software solutions to find counterintelligence loops would design a way to get into places like WhatsApp and Facebook?

  1. There is a need
  2. There is the opening
  3. Both one and two represent a massive amount of money.

It is that simple and whilst we all want to shout ‘foul, foul’ are we shouting at the right people?

Are we shouting at WhatsApp and Facebook for allowing these gaps to appear in their software? No we do not and we need to wake up. Did you learn nothing from Cambridge Analytica?

The movements of people are worth a lot of money, whilst we all seem hell bent on locking out governments, we open up to commercial enterprises like there is no tomorrow, like there is no hassle there, but that side is the largest hassle of all, they sell some form of access directly to insurances for ‘advertising’, to healthcare clinics for the same reason and they do not care how that knowledge is used. And there is no reason people forget that a company is often no more than its mission statement: “People use Facebook to stay connected with friends and family, to discover what’s going on in the world, and to share and express what matters to them”, the Facebook corporate vision statement in its direct form. There is no mention of data security, there is no need for data arbitration, and none of it is there. The same could be stated about WhatsApp: “Our messages and calls are secured with end-to-end encryption, meaning that no third party including WhatsApp can read or listen to them. Behind every product decision is our desire to let people communicate anywhere in the world without barriers”, there we see no security affix in regards to from who to who(m). And let’s be direct here, the part ‘to let people communicate anywhere in the world without barriers’ is quite sincere, there is no hiatus on KNOWING who is speaking to who, do they?

Those are merely two basic parts that are ignored and they are open and for sale, places like NSO technology fixed their views on getting to those parts of the equation for their customer. Basically Facebook and WhatsApp let them, that is the part you remain ignorant about and that is why it is happening again and again.

You did not think it was going to be easy did ya!

All these issues would fall away when the stage for secure apps would actually be secure, that is the one part that would stop a lot of this and with smaller apps it will happen, when the app comes to a size of distribution where a few hundred million users will be using it, the need for a secure app will be out in the open, well over a dozen of these apps are out in the open and there is no solution, not until that changes and if it were up to the politicians it will never change, because they need that data too.

So if you want a secure App, you will just have to stop using the one you have until they make a secure edition of the App, now there are a whole range of ideas on how that will be, for example that App will not be free, or in case of Facebook where data is their brainchild, they will figure something out, but until they do none of your data is allowed to be secure.

Doubt my words?

Consider that three programmers were at the foundation of NSO Technology: Niv Carmi, Omri Lavie, and Shalev Hulio figured out what internal programmers clearly knew but did not stop to realise, and these three founded software to combat terror and crime. Three programmers could see what the 150+ programmers could clearly see in the halls of Facebook and WhatsApp and now we see “the lawsuit described the alleged attacks as an “unmistakeable pattern of abuse” that violated US law” instead of the question: “How was this possible in the first place?”

The need to be able to answer that question will reside far and wide in the scope of software developers, it will reside far and wide in the heads of those using these solutions, but not as much in the heads of the developers or the politicians, they know what was there, they knew what was for sale. And in all this the brief reads “More than a dozen pro-democracy activists, journalists and academics have spoken out after WhatsApp privately warned them they had allegedly been the victims of cyber-attacks designed to secretly infiltrate their mobile phones” and no one wonders why there are no politicians on that list? Or perhaps they are the ‘academics’ in all this.

In all this, no one is asking the question ‘Why was the weakness there to begin with?’, and in all this, how come the pattern of abuse is the one violating US law and the weakness in the software is not?

Consider that for a moment! #JustSaying

Filed under IT, Law, Media, Politics, Science

The first changes

We have arrived at the point of the first changes; the next 12 months will give a much larger view of the consumers and the changes that they are willing to accept. The Huawei P30 Pro is the beginning of this; at $1249 this choice is a lot cheaper than its competitor Samsung at $1849 (a difference of 32.5%, whilst the Apple at $1999 will set you back an additional 37.5%), this adds up to a lot! Yet the price is not the issue, the fact that the Huawei now comes without YouTube, Google Maps and Gmail among other software, it also does not feature Google’s Play Store. It is an Android game changer; Huawei has pre-loaded new alternative apps of its own. It was the step we expected, the trade wars with China and the persecution of Huawei and the discrimination against Huawei was actually THAT stupid. Now that we are confronted with the changes we will see a new optional change. When an equal mobile is well over $500 cheaper we see the changes that matter. As the people get accustomed to other apps, apps that replace social media solutions we see a shift of consumers, I personally believe it will be a larger change. I do recommend that there will be an upgraded LinkedIn and a new Facebook available, yet there is a situation where the Asian population in Australia will embrace the Chinese solutions, there is in addition a larger need for affordable phones, so there will be a larger shift. Yes, most will hate being without Facebook, yet the credibility Facebook has lost in the past, the people might just keep these solutions on their laptop/Desktop. Yet there is already word that Facebook, Instagram and WhatsApp would all be available via Huawei’s own store, called the Huawei App Gallery, so all is not lost, but the fact that Google will lose millions of people who will now go via the Huawei App Gallery is almost a given.
The BBC (at https://www.bbc.com/news/technology-49754376) also gave us: “He added that the firm had set aside $1bn (£801m) to encourage developers to make their apps compatible, and said more than 45,000 apps had already integrated the firm’s technology. But he did not name any of them“, so $1,000,000,000 to corner a market and get a handle into the Chinese app user market. It will be found and it will create momentum. I changed my mobile less than a year ago, so I have no need to change for now, yet there is every indication that the upgrade to a new Android version will see me change as well and why would I not do that? Perhaps I am part of the population that thinks “Maybe they’re just trying to ride it out in the hope that they eventually get access to those Google services later“, I am most likely on that fence, however when I check the amount of options that I desperately want on my Mobile, I am limited to WordPress and LinkedIn, and they are not essential, merely a nice to have on my mobile. I can do either on a desktop. I am not alone, as thousands will shift from one side to the other month by month, Google will feel the pinch. Consider that there will be a close to immediate shift on YouTube metrics, implying that the Google Ads department will start requiring new metrics to keep their push going, we see a larger impact on Google, it will not be immediate, but it will be there and growing from the beginning, even as Google and the US will debate on how wrong the metrics are, they too realise that the American corporations will see the impact on their business, it will be visible and direct, merely because a war on greed by flaccid politicians and surpassed technologists was stated to be in denial.

The US did not do its homework, it neglected the chores it has and is now pushing its losses on other markets. Even as we contemplate what the impact of “side-loading” Google’s apps onto the handsets is, and that phone store staff would advise customers how to do that. They are wondering how it would limit its impact as long as the usage impact remains close to 100%, when that falters a few times the consumers will be offered alternatives that are 100% and that is where we see the shift towards Chinese commerce.

Now that Huawei has been informed on my 5 parts of IP (hopefully bringing me decent funds too), there might be a larger shift as the issues in 5G cybersecurity and propagating 5G commerce is still lacking at least 3 elements, I feel that I will win in the long run. All the players that are behind ‘T-Mobile gets closer to launching nationwide 5G on low-band spectrum‘, I have seen that Sprint, T-Mobile, Vodafone, Telstra, as well as BT have not implemented certain parts and even what they designed lacks certain small business needs, as such I feel a lot more confident on my IP. They had 3 years to look at it and they have the same short minded and shallow approach to business ignoring the Small businesses (a little over 400 million of them) to the larger degree. All elements that were clearly visible moved from the 4G premise of ‘Wherever I am‘, to 5G ‘Whenever I want it‘, that failure alone gives Huawei an additional push. As the numbers rack up towards Huawei and Chinese innovation, we will see a larger change towards the business needs and so far none of the non-Chinese solutions have addressed these changes.

As the Chinese app user market explodes in activities between now and December 2020 we will see a larger shift. With Huawei market share at 19% and Oppo at 9.5%, we see a larger growth towards 5G, as Apple is now declining to 37%, we see that Apple in 5G will lose close to 15% all these parts matter, because it does more than increase the market share for Huawei, it actually gives China a larger option to grow in a few directions that it had no real option to grow in previously, the anti-Huawei steps were THAT stupid and now we start seeing the impact. The only way to stop this is for American brands to start offering their phones at the same price as Huawei is. And that is how we see it, Google took that step and offered the Pixel 3XL at a mere 16% extra and that might be a reason to switch to Google, but in the end the others are now pushing themselves out of the race quicker and quicker.

There is a larger need to consider, as the US is getting its Thanksgiving and as we are all facing Christmas (and the Dutch will get Saint Nicholas as well) the consumers will have a limited option, yet an essential need to tickle themselves, when you consider that place, would you accept the $1249 that gives you what you need, or would you spend 37.5% for what others market you towards your needs? When you realise that the essentials can be done on the smaller budget, in a time when budgets are still tight and the dangers of recession remain, can you really afford to spend those hundreds of dollars more?

The bulk of the people I know cannot afford them, they often will accept a more expensive contract, yet in the stage when 5G is about to come, would you really want to tie yourself down? And when all the small business owners realise that the current stage will hurt their business for 2-3 years, would they really want to take that chance when the commerce slice is the one everyone wants, at that point can they tie themselves down?

The first changes are here, but they also signal larger changes towards a stage where commerce will be the deciding factor and the bulk of them merely looked at their needs to sell, they to a much larger degree forget to consider what their consumers needed in the 5G environment, that failure will rear its ugly head soon enough, as I see it, Huawei is finding themselves ready for that shift. In the end that is the third stage of innovation that lazy Americans ignored, I wonder how much that will cost them this time around. As I personally see it, 400 million small business owners was too large a group to leave in the cauldron of non-decisions, yet that is exactly what they did in Europe and the US.

Forbes

So as Forbes gives us ‘Shock New Google Warning For Anyone Buying Huawei Mate 30’, we see how the writer Zak Doffman gives us (at https://www.forbes.com/sites/zakdoffman/2019/09/20/shock-new-google-warning-for-anyone-buying-huawei-mate-30) “Despite impressive hardware innovation, the media write-ups went straight to the lack of full-fat Android, the lack of YouTube and Gmail and Google Maps, the lack of the Play Store” which opposes the BBC, who did give clear mention and as implied so did Huawei. So there we are, already we see issues with the media bringers. After that we see the barricade “24-hours post launch, the reality of the Mate 30 is firming up. It seems highly unlikely there is any Google workaround” yet the reality is that these users get a first glimpse that it is possible to be without Google on their mobile, we do not have to get bothered every minute on news we did not need. In addition with a functional browser we still get what we need, we just will not get it via an app (for now), and believe me when the numbers start slashing into the Google needs, they will want a workaround as desperately as possible. The writer even ends with: “And so for any of you enamoured with the Mate 30 hardware who can live without Google for an unknown amount of time, maybe this is a risk worth taking” which is at the heart of the matter, not the heart we choose and not the one Google chose, because when the numbers start proving that there is real life after Google, those numbers will give growth to an exponential growth of people accepting Chinese apps and accepting non-Google solutions. I feel certain that it will happen, merely because the browser is still going to be there and it will show that there is a larger need in people, even if it is to show that they want to prove that dependency on Facebook and Google is a solution, even if it is a mere point of ego, they want to prove that they are not the slave of their mobile.
That alone will be a driving factor as well.

No matter how we slice it, within the next 12 months we will see an almost polarised population, those who want the best and fastest and those who need some Google solution, both will have their own validity and merits, yet in the end as small business owners see that Huawei 5G solutions can cater to both, they get to win and that is the real victory, soon thereafter the US will change the blacklist, the moment that there is a clear invoice to the losses and Google will hold the US government accountable to these tax deductible losses, at that point will we see a strong push to find some middle ground, the US will have to give in with every additional billion dollar loss and market shift towards China. They basically have no options left, their inability to deal with Iran is one view, their inability to deal with Syria is a second stage of evidence, and within the next 12 months we will get several other pieces of evidence released to the larger audience. And that is not the end of it, as the cases regarding Pacific Gas and Electric Company, Purdue Pharma, OrbCare, Insys Therapeutics Inc and their bankruptcy issues are rising, they matter to the regard that the US government is seeing the pinch from 3 directions at present, and that is only whilst California is able to keep its head above the waterline. All these impacts are also the impact on 5G propagation, installation and implementation. When you doubt that, consider the Government tech source that gave us “5G won’t roll out to much of Southern California for a few more years, but companies such as Verizon and AT&T are beginning to install the necessary infrastructure, including those small cells pole by pole, across the region” last April, the fires and other calamities only made things harder, so whilst we see the FCC stepping in, we only see more hindrance for these people, not less and that is the impacting issue from Pasadena to Huntington Beach, and that is only the most visible one.
The infrastructure is getting a second hit as we are shown that “the Federal Communications Commission is now restricting how much cities can charge the companies to install equipment: $500 for up to five cells, $100 a cell after that and a $270 annual access fee for each cell”, it is a loaded issue no matter how you slice it and whilst they are trying to figure out how to resolve it, the truth of the matter is that Huawei had this issue solved already and that is how California (and other states) end up getting limited 5G for 2-3 years, all whilst the Huawei case is growing more and more outside of the USA. It is a situation where the technology is not up to scratch and the diminished amount of funds available allows for no alternatives either; now add to this the consumers shifting to some degree away from Google who relies on Google Ads more and more and a near perfect storm is created, a storm that slams the US and gives growth upon growth to China and Chinese interests.

As the EU is accepting Huawei and as Huawei is now embracing a shift towards cloud systems, and as it grows the needs, and sets the growing stage towards 21Vianet, we see a much larger shift and in all this, the first changes brought a push in directions we never considered before. It was only a day ago when Microsoft President Brad Smith requested that the United States should end its blacklisting of Chinese giant Huawei Technologies, we might not realise it, yet the changes allowed for Huawei to look into a partnership with 21Vianet, which will directly impede Microsoft Azure business that is not in Chinese hands (outside of China), in this stage 21Vianet will have a direct option to offer services to European players, as it will not be their solution, but a Huawei solution and the group of small businesses that are in Europe (a nice slice of 400 million companies) they too will select ‘the other’ Chinese solution. All instigated by a Huawei war that was not based on facts or on reality, it was to address the need of greed and now that it bites back, the US will find itself at the dinner table where only humble pie is to be served. When they buckle (and they will) the shift becomes larger and faster, because at that point the consumers will have the additional questions that will be met with denial on every level conceivable.

Huawei would need to do one additional thing to make that wave a lot larger, I wonder if they will do just that before the end of this year.

Filed under Finance, Media, Politics, Science

The wider field

There is a wider field, the field is ignored by many because it overlaps in several ways and most people (read: media) tend to stare at one element. We can argue whether it is bad or good, but it does mean that the bulk of the information is not there. To get this view we need to look at several sources. First we get the International Business Times, they give us two headlines. The first is ‘Samsung Expecting Profits Slump For Q2’ as well as ‘Huawei Ban Helps Company Earn More’, in one way we get an increase of revenue due to the Huawei events in the US, yet there is still a Q2 slump. There are several plays that apply, but it is not about the play as such. The first realisation is that 5G is currently being ‘advertised as here’ by several players and at present there is an increased question on which phone is 4G and/or 5G and most people are holding off on phones this year until that field has a better view on what is available. Most people cannot afford to buy a new phone when some new models are $1800, most people cannot afford a step like that and being tied to any provider at present is an increasingly bad step to make. Even as Huawei is 20% cheaper, it remains a lot of money, and the Google (Android) issues are still there, so people are hesitant. I might have committed myself to Huawei, but that is in part because I renewed my phone in the beginning of the year, so it has to last me 2-3 more years (I have principles towards blatantly buying new phones) and I am happy with my phone.

Then there is the new stage that is now evolving when we see CNN Business give us (at https://edition.cnn.com/2019/07/04/tech/huawei-us-ban/index.html) ‘US government asks judge to dismiss Huawei lawsuit’, they are rightfully scared because the claim: “Huawei had filed the lawsuit in March, arguing that a law preventing US federal agencies from buying its products violates the US constitution by singling out an individual or group for punishment without trial” is almost a given, the US government made sure that every media outlet on the planet took great painstaking effort in illuminating that and now it becomes the anchor attached to their legs as they have to swim across the Pacific river (or Atlantic river). If the case goes through and discrimination is proven, the impact will be monumental, especially as no evidence was ever brought forward and if we are a nation of laws, the impact will be large, moreover, at present Huawei is still growing its pool of 5G contracts and should the case fall on the side of Huawei, the impact on Europe will be much larger, it could signal a much larger run on trying to get a quick deal with Huawei, not because they are nice people (they optionally are), but because Huawei 5G equipment is more advanced and all the telecom players know this. Ericsson and Nokia fear that side, they had a good run due to the escalations, but Huawei is still on par to have well over 50% of 5G by themselves and that is what the US fears, that large a disadvantage because its pool of CEO’s and CTO’s were increasingly stupid, flaccid and complacent in an age where pushing innovation was essential.

The issue is not out of the room yet because there is the larger issue that everyone has not been looking at. There is still the Google issue around Android. Consider that Huawei’s Oak OS is now 60 days away from release, it is the start where people who were initially ‘forced’ to dump Android, they now will be part of the Oak OS group, a data core that involves millions from adding data to the Oak servers and no more to the Google servers. The impact seems small, but it impacts the US to a much larger degree, this stance has given China a much larger boost than ever possible. For the users it will only be a temporary setback, as apps will be supported through Oak/OS, these players will continue, yet the overhaul as people push away from Android is much larger than the interaction of iOS versus Android. Consider what you need. The bulk of all Android apps we use will almost immediately be available, leaving us with optionally some issues regarding LinkedIn, Facebook, WhatsApp and Instagram. Now there is a new stage where Chinese options could be considered and for the most when we can address who we need, we might not care on where we are. The idea that advertisements might initially fall away will be a massive reason to do that. I am certain that there will be a Facebook Oak and LinkedIn Oak, the rest remains open, the usage is huge but that too might be a reason to try something new, people love new things, especially if it comes with cool additions and now we see a different stage, it is not the US that matters, it is whether China has options that appeal to India and Europe, these three represent 3 billion people and there is the data crunch, they will not all go the Chinese solution, but even 10% would be massive, it would be an intense gut punch to Google, more important over time as word of mouth makes more people switch, the damage will increase for Google.
Make no mistake, it will merely impact the total, it will not sink Google, it is too large, but in light of their predictions when they have 20% less data points to make predictions with, granularity becomes an issue for the professional side and there too there will be an impact, Chinese app owners will have their own digital advertisement agenda and business dictates that you cannot ignore that population, so budgets will be shortened to cover an audience as large as possible.

All that because of the Huawei ban, which was shown to be short-sighted from the very beginning. Consider that we were given in June: “Huawei can no longer pre-install Facebook apps on its smartphones after Facebook fell into line with a US ban on exporting software”, now consider that suddenly millions are offered a pre-installed WeChat and they are willing to try it, the impact on Facebook will be seen in less than 60 days, the fact that Facebook had been playing games with its mobile users for a much longer time will also entice users to give it a try. Not all will stay, but some will and the dimension of ‘some’ will imply a drop of Facebook of several million users. In addition we see “Chinese users spend an average of over 70 minutes a day within the app. All this makes it one of the most popular choices for businesses looking to get started with social media marketing in China”, yes it was overwhelmingly Chinese, yet in the shift it will now have optional access to a large Indian and European following. In addition the shift we optionally see when we realise: “WeChat allows for one-to-one personalized interaction between brands and users. This allows brands to communicate directly with their followers through the messaging functions on their account. This also allows brands to provide customer service directly through their WeChat account. It’s due to this reason that many companies in China don’t even operate traditional websites instead of focusing their efforts on constantly improving their WeChat official accounts” direct granularity towards the user, not mass marketing, but adjusted marketing for the individual, and then consider players like Tableau, Salesforce (now one and the same), SAP, Sony and Microsoft all wanting to address the person, not the masses, do you think that they will ignore this group of users?
These people invest hundreds, if not thousands of dollars a day towards addressing their growing need of users, all revenue that is soon lost to Apple and Google. It goes beyond merely Facebook; Twitter and Snapchat, all have a Chinese version that now has the option to surpass (read: close the gap) towards their competitors. Surpass is perhaps the wrong word, the fact that people will consider the alternative in the immediate is a risk for these players, it sets the dangers of schools of users to switch to another pond, so those fishing for ads, visibility and awareness, they will all have to adjust the way they operate. There are now only two parts where I have no idea how it will play out. Youku Tudou is the Chinese version of YouTube, but YouTube is so strongly placed that I have no idea how that will go, the same for LinkedIn. These are the two we cannot predict, no one can, but if they remain absent from Oak/OS something will have to budge, the question becomes how much do you need LinkedIn to be on your smartphone when you can just catch up daily at home, or in the office. I personally do not believe that its equivalent Maimai will be embraced as strongly as Maimai would hope, but that is my speculation on the matter.

Only YouTube as it is and remains the behemoth of Google, is too strong an app to ignore, it is too strongly desired, especially on smartphones, some might give Youku Tudou a try, but the library of YouTube increases with 300 hours of material every minute, there is no real competing with that, no matter how you slice that. There is no denial that their Chinese competitor will grow, but there the impact is less than a mosquito bite for YouTube, it is perhaps the one part of Google that no one seemingly can be without.

Is there another side?

Well there is always the option that everything in Google will be accessible on Huawei phones and that is for Google the best solution, but at present that part is just not a given, and when many Huawei smartphones are between 20%-40% cheaper, they will have an advantage and only because of US stupidity that impact is now optionally becoming much larger. And now the shift is changing faster, the Observer gave us on Saturday ‘UK mobile operators ignore security fears over Huawei 5G’, when we consider the quote “The Observer understands that Huawei is already involved in building 5G networks in six of the seven cities in the UK where Vodafone has gone live. It is also helping build hundreds of 5G sites for EE, and has won 5G contracts to build networks for Three and O2 when they go live”, we see how things are escalating away from the US. The massive part in all this is “a firm line against the company amid claims, strongly denied, that it is controlled by the Chinese government and that its equipment could be used to spy on other countries and companies” all from the point of view that clear evidence was never provided and the commercial corporations need to remain on top or drown and that was the larger flaw the US never seemingly understood (or blatantly ignored). Yet the other side also matters, as the numbers are given: “The consultancy Assembly suggests a partial to full restriction on Huawei could result in an 18-to-24-month delay to the widespread availability of 5G in the UK. The UK would then fail to become a world leader in 5G – a key government target – costing the economy between £4.5bn and £6.8bn” (source: the Guardian). People tend to get nervous at a loss of millions, so the loss of £4,000,000,000 plus is something that can start cardiac arrests all over the telecom boardrooms. More important as Huawei is still ‘embraced’ in Germany, the German players will get the upper hand over other European players giving a larger technological shift.
The final straw was the consideration of “They have taken note of what happened last December when the O2 4G network went down for 24 hours due to problems with technology provided by the Swedish telecoms firm Ericsson”, a danger as this was 4G technology that should have been clear and non-problematic, now consider that this happened to established technology, so what optional risks are Ericsson users exposed to when it involves 5G, a technology that Nokia and Ericsson are still trying to figure out?

In all this, Huawei has not stopped adding pressure. Less than 24 hours ago we were notified that Huawei has completed the contracts with Msheireb Properties. It seems small and insignificant, but it is not. With a smart experience centre in Qatar, it is my expectation that they are ready to approach and upgrade Al Jazeera to 5G, it is speculative but it will be the first time that Al Jazeera surpasses CNN technology (as well as Fox News). It might not matter to most of us, but to people like Nasser Al-Khelaifi (beIN Media Group) it matters a lot, so when we are informed that Al Jazeera is getting ready to offer 5G streaming during the Tokyo 2020 Summer Olympics and Huawei as a Chinese company is mentioned everywhere in Tokyo, you better believe that these two are on top of making this work as fast and as quickly as possible, so when I created my base station IP, I never considered this, but it fits and that is another notch that some miss out on. Half the planet goes nuts for sports on a regular day, how nuts do you think the planet goes when ‘their nation’ is fighting its fight (against up to 205 other nations) to be the best at the Olympics? When you get to watch that live, streaming it all at 5G, do you really think that people will care who brings it as long as it is true 5G? In several nations the brand jump was huge when 4G became real and some were not up to scratch, I believe that this time around the jump will be close to 300% larger than before, and the Tokyo Olympics will be a clear driver on that part. When 206 nations fight for the laurels (gold medals) every nationally driven sports fan tends to get a little (read: abundantly) nuts, and at present that group of people is well over 3 billion people, all factors some players did not consider when they were playing the short game, Huawei never played the short game, it gives them an advantage in several ways.

That is merely my view on the situation at present.

 


Filed under Finance, IT, Media, Science

Game of Pawns

Most people have heard of the Game of Thrones, George R.R. Martin’s masterpiece filmed and shown by HBO. Its final season will come in 2019 and the air is filled with teasers, speculated spoilers and optional fan made false trailers. Yet have you heard of the game of pawns? This goes directly towards the entire Australian Encryption Bill. I spoke about it 2 days ago in ‘Clueless to the end’, where we are introduced to the misrepresented views of Peter Dutton, on how he plays the system on getting the FAANG group to help him a little, which is exactly what the FAANG group is unwilling to do. In addition to what I wrote there is the voice of Paul Brookes, chair of Internet Australia. He gave us: “it is important for law enforcement to find ways to improve their capabilities for intercepting criminal activities through the communications sectors” and “they must not do so via hastily enacted legislation which fails to consider the legitimate concerns and advice of global technology experts, and carries the very clear risk of creating more problems than it solves”. In this Paul is right, and the issue is growing on other settings too. In the last three days we have been made privy to: ‘Hackers stole millions of Facebook users’ highly sensitive data — and the FBI has asked it not to say who might be behind it’. Optionally because they cannot blame Russia again without substantiation, yet in the much larger setting it seems that they do not have a clue. In addition, we see evolving today: ‘PS4 Users Are Claiming That Malicious Messages Are Breaking Their Consoles’. The last one seemingly has a solution as reported by Kotaku: “It does seem that the exploit is purely text-based, so changing your PlayStation messenger privacy settings should prevent it from happening. You can do that by going to Account Management in your console Settings, heading to the Privacy Settings submenu, and changing Messaging settings to “Friends Only” or “No One,” meaning that only your pre-selected friends or no one at all can message you”. That makes two attacks, the second one without knowing the extent of the attack, in a setting that could not have been prevented by the encryption bill. The fact that the authorities have been grasping in the dark gives a very clear view on how short the authorities are on the ability to stop these events. All the BS short-sighted attempts to access data whilst the entire communication system is flawed beyond belief show just how clueless the governmental players have become.

So as this week is likely to be about: “It appears to be the worst hack in Facebook’s 14-year history”, many will go into the blame game against Cambridge Analytica, yet the foundation is that the internet was always flawed, and again we see a setting where the failing of non-repudiation is at the core of certain events. It is a setting of ““access tokens” – essentially digital keys that give them full access to compromised users’ accounts”, obtained through hacks into vulnerabilities in a setting of ‘authentication’, where the optional ‘non-repudiation’ might have optionally prevented it. That basic flaw has been around for over a decade and the tech companies are unwilling to fix it, because it makes them accountable in several additional ways.

Non-Repudiation

A setting where you and you alone could have done certain things is staged against the setting where someone with the claimed authority has staged the deletion of all you created. That is the stage we are in and the damage is increasing. As more and more vulnerabilities are brought to light, the lack of action is beyond belief.

NPR reported something interesting that the initial sources did not give me. They give us: “the hack exploited three separate bugs in Facebook’s code. No passwords were compromised, but the hackers were able to gain “access tokens” that let them use accounts as though they were logged in as another person”. As far as I can speculate, non-repudiation might not have allowed that, making non-repudiation a much larger priority for social media than ever before. The fact that the data captures are getting larger also makes the change a lot more important. If the value of Facebook is data, keeping that secure should be their first priority. The Encryption bill would also be a void part if non-repudiation becomes an actual part of our lives. The dire need of Common Cyber Sense is seen everywhere and we need to give less consideration to people who cannot keep their Common Cyber Sense.
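The distinction drawn above, as an added example that is not code from Facebook or from this post: a bearer access token authorises whoever holds it, while a request signed with a key that stays on the user's device can be attributed to that device and cannot be reused for another action. The `Server` type, the user name, the token value and the counter scheme are all assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server is a hypothetical service accepting both styles of request.
type Server struct {
	sessions map[string]string            // bearer token -> user
	devices  map[string]ed25519.PublicKey // user -> enrolled device key
	lastSeen map[string]uint64            // user -> highest counter accepted
}

// Bearer authorises whoever presents the token; possession is the only proof.
func (s *Server) Bearer(token string) (string, bool) {
	user, ok := s.sessions[token]
	return user, ok
}

// payload binds counter, user and action into the one message that is signed.
func payload(user, action string, ctr uint64) []byte {
	return []byte(fmt.Sprintf("%d\x00%s\x00%s", ctr, user, action))
}

// Signed accepts an action only with a fresh signature from the enrolled key.
func (s *Server) Signed(user, action string, ctr uint64, sig []byte) bool {
	pub, ok := s.devices[user]
	if !ok || ctr <= s.lastSeen[user] || !ed25519.Verify(pub, payload(user, action, ctr), sig) {
		return false
	}
	s.lastSeen[user] = ctr
	return true
}

// Demo reports which requests are accepted (all values are constructed).
func Demo() (stolen, genuine, altered, replayed bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s := &Server{map[string]string{"tok-constructed": "alice"},
		map[string]ed25519.PublicKey{"alice": pub}, map[string]uint64{}}
	_, stolen = s.Bearer("tok-constructed") // a copied token works for any holder
	sig := ed25519.Sign(priv, payload("alice", "post:hello", 1))
	genuine = s.Signed("alice", "post:hello", 1, sig)
	altered = s.Signed("alice", "delete:all", 2, sig) // signature covers another message
	replayed = s.Signed("alice", "post:hello", 1, sig) // counter 1 already used
	return
}

func main() { fmt.Println(Demo()) }
```

The signed path only holds while the private key stays on the device; a key that can be copied off it is no better than the token.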

You see, the issue is becoming a lot more important. With these accounts now sold on the dark web, with the by-line: “If sold individually at these prices, the value of the stolen data on the black market would be somewhere between $150m and $600m”, we are certain that this will get a lot worse before there is any improvement. It is my personal view that actively seeking a non-repudiation setting will hasten that process of making your data more secure.

It is in addition the setting that the Dream Market offers, which by the way is useless. The Chinese vendor offering the data could in the end merely be an expelled student from any US university living in Dublin; there is at present no way to tell who Chernobyl 2550 actually is.

Finding and exploiting three bugs in Facebook gets you optionally half a billion; the governments are that far behind and there is no indication that they will catch up any day soon. When going back to the Facebook setting, we also saw “Facebook said third-party apps and Facebook apps like WhatsApp and Instagram were unaffected by the breach”, yet another source gives us: ‘WhatsApp Bug Allowed Hackers To Hack Your Account With Just A Video Call’ (at https://www.valuewalk.com/2018/10/whatsapp-bug-video-call-fixed/), implying that Facebook users are in a lot more peril than shown from the different media. We are given: “A security researcher at Google’s Project Zero discovered a strange bug in WhatsApp that allowed hackers to take control of the app if they just knew your phone number. All they had to do was placing you a video call and getting you to answer it. Though the WhatsApp bug was disclosed only on Tuesday, Google researcher Natalie Silvanovich had discovered and reported it to the Facebook-owned company back in August”. So even as it seems that Facebook is not giving us ‘faulty’ information, there is the mere fact of the existence of the flaw, as seen with: “She disclosed the WhatsApp bug to the public only after the company fixed it via a software update. Silvanovich wrote in a bug report that heap corruption could occur when the WhatsApp app “receives a malformed RTP packet.” The bug affects only the Android and iOS versions of WhatsApp because they use the Real-time Transport Protocol (RTP) for video calling”. It is showing a dangerous setting where a number of failings within this year alone gives rise to the flaws in security and proper testing of apps, and the stage of security is failing faster than we should be comfortable with.

So even as CBS News was all about hacking elections last week, giving us: “These cyber-attackers are driven by a variety of motivations, says Andrea Little Limbago, the chief social scientist at data security firm Endgame. “As long as attackers find it in their best interests or find the motivation to want to have some sort of effect … they’re going to think about what they could do with that access,” she says. “Especially China, Russia, and Iran.””, the failing we see is that there is a flaw in the system. It is not merely about pointing at the wrong players, it is about the flawed setting in which some systems were breached in the first place. The larger setting is not the hack, it is access, and the need for non-repudiation is growing at an alarming rate. In a setting where none of the players are ready to accept non-repudiation, we see a faulty authentication approach, and that is the cost of doing business. So when you consider it a sign of the times, consider that I personally witnessed a bug that WhatsApp showed over 27 years ago, when a financial package on DEC VAX/VMS had something called Ross Systems. An intentional illegal action would crash your terminal program and leave any user in the VAX/VMS system with supervisor rights, with total access to every file on the server and every drive. Would it be nice if certain lessons were learned over a quarter of a century?

That is the issue and the opposition of those who want to push out new features as soon as possible, and that danger will only increase in a 5G setting. So when your mobile becomes your personal data server and someone does get access to all your credit card and health data, you only have yourself to blame; good luck trying to sue the technology companies on that. Actually that is exactly what Google is facing with class actions against both the Pixel and Pixel 2 at present. Should they lose these, then the ante goes up, because any case involving flawed data security, when flagged as inappropriately dealt with, could cost Google a lot more than they are bargaining for, and it is not just Google: Apple and Facebook will be in equal settings of discomfort.

If only they had properly looked at the issues, instead of seeking the limelight with a new fad. In the end, are we mere pawns to them, to be exploited and under-secured for their short term needs of clicks and sales pitches? What happens when it falls? They will still get their golden handshakes and a life without complications for decades; what are we left with when our value in data is sold on?

We are merely pawns in a game and no one wants the throne, they merely want to be the second fiddle and walk away overly rich (or own the Iron Bank), we enabled this, and we get to live with the fallout that comes next, all because non-repudiation was too hard for these players.

 


Filed under IT, Media, Politics, Science