Need a Spy? New Zealand Has Found a Resource
October 24, 2022
Israel’s armed and covert operatives are among the world’s most elite forces. It is not surprising that when New Zealand’s government wanted to secretly spy and collect people’s data, it hired ex-Israeli operatives. Otago Daily explains whom the New Zealand government tracked in the story: “Govt Enlists Ex-Israeli Spies To Covertly Collect Data.”
The New Zealand government, specifically the immigration department, hired Cobwebs Technologies, a company formed by ex-Israeli spies. Meta (aka Facebook) kicked out Cobwebs Technologies and six other foreign companies accused of creating fake accounts to spy on 50,000 people. The people spied on were journalists, politicians, human rights activists, and other persons of interest in over one hundred countries. The fake accounts also joined closed forums and communities to coerce members into sharing their private information.
Meta stated that Immigration NZ is only one of six countries that were Cobwebs Technologies’ customers. The department was a customer of the company for two years. Using social engineering, Cobwebs Technologies uses its know-how to scan the Internet, mostly social media platforms, for targets’ public information.
New Zealand’s Ministry of Business, Innovation, and Employment stated that Cobwebs Technologies’ acts were legal, controlled, and important:
They helped it meet its “legislative responsibilities”, in an undefined but “specific” area where there were active threats, the ministry told RNZ in its OIA response. Revealing more would “enable and embolden” groups overseas seeking to undermine it.
‘We are aware of activity overseas showing an intent (and ability) of such groups to do exactly this, specifically in response to the public release of information of the kind we are withholding, including tactically altering their behavior, increasing their operational security or deliberately injecting misinformation to reduce the effectiveness of collection methods. If even a moderate event in this particular area were to eventuate, the consequences for New Zealand could be significant and costly to fix,’ MBIE said.
What exactly was New Zealand Immigration learning from Cobwebs Technologies? If it was about potential terrorist attacks on the country, then it was for national defense. If it was to spy on people who were not a threat, but did not agree with the country’s political agenda, then it was a crime. How do you define each?
Whitney Grace, October 24, 2022
Characteristics of a Dinobaby
October 21, 2022
Someone called my attention to the Buzzfeed article “Millennial Managers Are Sharing Toxic Things Their Older Bosses Did That They Won’t Do To Employees, And I Relate To A Lot Of These.” The list of millennial management precepts makes it very clear why I am a relic. The 25 characteristics are interesting. The table below provides my dinobaby view of five of these statements about the cohorts now in the workplace.
| Millennial Mgmt | Dinobaby Approach |
| --- | --- |
| No micromanagement | Micromanage when warranted |
| Open communication | Sometimes |
| Rat on colleagues | Not this dinobaby |
| Ask staff for ideas and examples | Yes, dinobabies do this |
| Communicate what is needed to get promoted | Follow organization’s policies and procedures |
I cannot imagine how difficult it would be for this dinobaby to work with staff and managers who absolve themselves of the responsibility for knowing what the company expects, inculcating the organization’s policies and procedures in the work, and getting the best from each person. Eliminating managers and allowing employees to do their own thing is a recipe for disaster.
What if the organization has no rules of the road, is managed by a crazed genius, and lacks policies, procedures, and planning? Don’t take a full time job. Be a consultant and work on a short term contract. Avoid problem firms.
Stephen E Arnold, October 21, 2022
Expert Wants the Zuck to Resign: Yeah, Sure
October 20, 2022
I read what I think is an essay for a first year MBA class at an online university. The title? “It’s Time for Mark Zuckerberg to Step Down.” Like Mr. Putin, Mr. Zuckerberg seems to be part of the Facebook furniture. Fortunately the brilliant leader of the footless avatar company does not have nuclear weapons. He has the next best thing: Control of the company and a lot of money.
The write up ignores these facts, suggesting:
Mark Zuckerberg should quit. He should step down from his position as CEO of Meta and let someone else manage Facebook, WhatsApp, and Instagram. He should then use his vast wealth and venture-capital connections to launch a startup that can build out his vision of the metaverse.
I want to point out that the metaverse is to Mr. Zuckerberg what annexed regions of the Ukraine are to Mr. Putin. Under attack, these outstanding leaders retreat, talk with people who know an answer other than yes can have a downside, and make decisions from carpet land. These are top downers, not Millennial / GenX / GenY sensitives.
The article adds:
Americans generally find the company’s business model creepy. This has thrown Meta’s business into panic mode…
Panic mode. I don’t think so. The steps taken by Meta and other tech-centric firms are mostly engineering derring-do. Logical steps often make sense to folks like Mr. Zuckerberg and I suppose Mr. Putin. Consequences? Sure. Ever hear of collateral damage?
Interesting stuff, particularly the last line of the analysis:
…he should quit.
Insightful. Maybe Mr. Putin and Mr. Zuckerberg will resign on the same day?
Stephen E Arnold, October 20, 2022
Gee, A Button Does Not Work? Does It Have Something to Do with Ads?
October 11, 2022
YouTube’s Interactive Rating Buttons Do Not Work
Oh, YouTube! What mistakes are being made on the video-hosting platform now? According to The Verge, YouTube’s newest changes to its likes and dislikes features do not work. YouTube runs on a series of complex algorithms that rely on user feedback. The feedback tells the algorithms whether or not a user enjoys suggested content. The algorithms are supposed to learn what videos users like and curate individualized content.
It is not working.
Mozilla researchers discovered that the YouTube buttons “dislike,” “not interested,” “stop recommending channel,” and “remove from watch history” do not remove the unwanted videos. Users are still plagued with more than half of the videos they do not want to see. Mozilla researchers collected their data with volunteer help:
“Mozilla researchers enlisted volunteers who used the foundation’s RegretsReporter, a browser extension that overlays a general “stop recommending” button to YouTube videos viewed by participants. On the back end, users were randomly assigned a group, so different signals were sent to YouTube each time they clicked the button placed by Mozilla — dislike, not interested, don’t recommend channel, remove from history, and a control group for whom no feedback was sent to the platform.
Using data collected from over 500 million recommended videos, research assistants created over 44,000 pairs of videos — one “rejected” video, plus a video subsequently recommended by YouTube. Researchers then assessed pairs themselves or used machine learning to decide whether the recommendation was too similar to the video a user rejected.”
It turns out that the “dislike” and “not interested” buttons were “marginally effective” at preventing 12% of poor recommendations. The “don’t recommend channel” and “remove from history” buttons were slightly better at 43% and 29% respectively.
Elena Hernandez, a YouTube spokesperson, explained that these buttons are not meant to block all content about a topic. Hernandez criticized the Mozilla team’s report because it did not take into consideration that the buttons are designed not to create echo chambers, nor how the algorithms work. She did state, however, that YouTube welcomes academic research and that is why YouTube expanded its Data API through the YouTube Researcher Program.
TikTok and Instagram have similar feedback tools and user response is similar to what the Mozilla researchers found out about YouTube. Google, YouTube’s parent company, and the other video platforms are not interested in keeping users happy. They want to keep users engaged and continue clicking on the platform. It is a known Internet fact that when people are upset they are glued to the screen more. Are YouTube, TikTok, and Instagram purposely frustrating users?
Whitney Grace, October 11, 2022
Insider Threat: Worse Than Poisoned Open Source Code and Major Operating System Flaws?
October 5, 2022
Here’s a question for you.
What poses a greater threat to your organization? Select one item only, please.
[a] Flaws in mobile phones
[b] Poisoned open source code
[c] Cyber security and threat intelligence systems do not provide advertised security
[d] Insider threats
[e] Operating systems’ flaws.
If you want to check more than one item, congratulations. You are a person who is aware that most computing devices are insecure with some flaws baked in. Fixing up flawed hardware and software under attack is similar to repairing an L-29 while the Super Delfin is in an air race.
Each day I receive emails asking me to join a webinar about a breakthrough in cyber security, new threats from the Dark Web, and procedures to ensure system integrity. I am not confident that these companies can deliver cyber security, particularly the type needed to deal with an insider who decides to help out bad actors.
“NSA Employee Leaked Classified Cyber Intel, Charged with Espionage” reports:
A former National Security Agency employee was arrested on Wednesday for spying on the U.S. government on behalf of a foreign government. Jareh Sebastian Dalke, 30, was arrested in Denver, Colorado after allegedly committing three separate violations of the Espionage Act. Law enforcement allege that the violations were committed between August and September of 2022, after he worked as an information systems security designer at the agency earlier that summer.
So what’s the answer to the multiple choice test above? It’s D. Insider breaches suggest that management procedures are not working. Cyber security webinars don’t address this, and it appears that other training programs may not be pulling hard enough. Close enough for horse shoes may work when selling ads. For other applications, more rigor may be necessary.
Stephen E Arnold, October 5, 2022
Board Games at Microsoft? Maybe Corner Cutting?
September 30, 2022
I noted a write up called “Anonymous Lays Waste to Russian Message Board, Releases Entire Database Online.” The article describes what a merrie band of anonymous, distributed bad actors can do in today’s decentralized, Web 3 world of online games like Cat and Mouse. The article explains that Mr. Putin’s bureaucracy is a big, fat, and easy target to attack. One statement in the article caught my attention; to wit:
For all their reputation on cyber security and hacking, the Russians were careless…. KiraSec has taken down hundreds of Russian websites, Russian banks like alfabank, bank.yandex.ru, pro-Russian terror-leaning websites, Russian pedophile websites, Russian government websites, Russian porn sites and a lot more. The cyber activists also “hacked various Russian SCADAs and ICS, nuking their systems and completely destroying their industrial machines.”
I immediately thought about Microsoft’s Brad Smith suggesting that more than 1,000 programmers worked to make SolarWinds a household word. My thought was that Microsoft itself may share the systems engineering approach used to protect some Russian information assets. The key word is “careless.” Arrogance, indifference, and probably quite terrible management facilitated the loss of Russian data and the SolarWinds’ misstep.
I then spotted in my news headline stream this article from the UK online outfit The Register: “Excel’s Comedy of Errors Needs a New Script, Not New Scripting.” This article points out that Microsoft has introduced a new feature for Excel. I am not an individual who writes everything in Excel, including holiday greetings and lists of government officials’ names and email addresses. Some are.
Here’s the passage I circled after I printed out the write up on a piece of paper:
Excel is already the single most dangerous tool to give to civilians. You can get things wrong in Word and PowerPoint all day long, and while they have their own security fun you’re not getting things wrong through a series of tiny letterboxes behind which can live the company’s most important numerical data. The Excel Blunder is its own genre of corporate terror: it brings down companies, it breaches data like an excited whale seeking sunlight, it can make a mockery of pandemic control. And because Excel is the only universal tool most users get for organizing any sort of data, the abuses and perversions it gets put to are endless.
What’s the connection between bad actors hacking Russia, Microsoft’s explanation of the SolarWinds’ misstep, and Excel’s new scripting method?
Insecurity appears to be part of the core business process.
No big deal. Some bad actors and a few cyber security vendors will be happy. Others will be “careless” and maybe clueless. That’s Clue the board game, not the motion picture.
Stephen E Arnold, September 30, 2022
Yo, Amazon, Hello, Facebook, Hey, Google, Sup, IBM: Any Moonlighting Wizards on Your Payroll?
September 28, 2022
A couple of years ago, I provided those in my LE and intel lectures with the names of some online recruiting services which say things like:
Hire Silicon Valley-caliber engineers at half the cost
The number of outfits offering programmers with in-demand skills is large. Do these “remote” employees: [a] have full time jobs at big tech firms, [b] work remotely with supervision from an indifferent 20 something or Microsoft Teams-type monitoring functions, or [c] have automated a full-time job so that an eight hour work day can be used to generate income from gig work or another full-time job?
I read “Wipro Chairman Rishad Premji Fires 300 Employees for Secretly Moonlighting.” [Note: this item appeared in India and the provider of the content can be disappeared at any time or charge for access to the full text. There’s not much I can do to ameliorate this issue.] The article states:
Wipro has terminated 300 employees found to be moonlighting with its key rivals at the same time, its Chairman Rishad Premji said on Wednesday [September 21, 2022]. Speaking at the All India Management Association (AIMA) National Management Convention, Premji termed moonlighting a complete violation of integrity “in its deepest form”. “The reality is that there are people today working for Wipro and working directly for one of our competitors and we have actually discovered 300 people in the last few months who are doing exactly that,” the Wipro Chairman said. The company has now terminated their employment for “act of integrity violation”.
I find the action of Mr. Premji instructive. I wonder why US-based high-tech firms do not take the same action.
The point I made in my lecture is that bad actors can pass themselves off as legitimate businesses just based in some interesting city like Athens, Greece. The technical skills required are advanced and not directly connected to anything other than helping a jewelry company or online egame service implement a resilient network. The person responding to this opportunity may have requisite experience working at a big US high tech company. The person does the work and forgets about the project. However, the entity doing the hiring is a bad actor. The task completed by the US high tech engineer snaps into a larger set of work.
Should the online recruitment outfit perform more due diligence on what looks like a legitimate company selling fountain pens or plumbing equipment in another country? The answer is, “Sure.” That’s not the case. Based on our research none of the recruiters or the gig workers did much if any investigation of the hiring outfit. If a company paid the matchmaker and the gig worker, that was the proof of appropriate activity.
The reality, which I described in my lecture, is that insiders are making it easy for bad actors to learn about certain companies. Furthermore, the simple and obvious coding task is just one component in what can be an illegal online operation. The example I provided to the LE and analysts in my lecture was an online streaming service with an illegal online gambling “feature.”
I can hear the senior managers’ excuses now:
- “Our employees are prohibited from doing outside work.” [Yeah, but does anyone validate this assertion?]
- “We have a personnel department which works closely with our security team to prevent this type of insider activity.” [Yeah, but telling me this is cheaper and easier than reporting on specific data compiled to reduce this type of activity, right?]
- “Our contractors are moderated and subject to the same security procedures as our work-from-home full time staff.” [Yeah, but does anyone really know how that contractor located in another company actually operates?]
Net net: Mr. Premji is on the right track. FYI: Wipro was founded in 1945 and the firm took action on this matter after 77 years. Speedy indeed.
Stephen E Arnold, September 28, 2022
Google: Fraying Comes with Graying
September 28, 2022
At a conference last week, I had to work hard to avoid getting annoyed at 20 somethings: Fiddling with mobiles, looking bored, and tapping on laptops. I stayed on course.
Not at the Google apparently. “Google CEO Pichai Tells Employees Not to ‘Equate Fun with Money’ in Heated All-Hands Meeting.” I have zero idea if this news story is spot on, nor do I care. The factoids might be disinformation bought and paid for by a disgruntled lobbyist or a person unhappy with Google’s objective search results spiel.
But the write up is entertaining and it is suggestive, at least to me.
First, I chuckled at the “heated” all hands meeting. I have heard that in the Brin Page do no evil era, meetings were often fun. Heck, I have reasonably accurate information about Mr. Brin’s arriving at a meeting with Sumner Redstone. Mr. Brin exuded fun because he had been roller blading and arrived with skates on and fruit bootin garb. Mr. Redstone was not amused too much. If the write up’s headline reflects reality and not a quest for clicks, “heated” does not refer to sweaty wizards. Heated means angry, annoyed, maybe out of control? Huh, not cool.
Second, I spotted this comment in the write up:
Pichai admitted that it’s not just the economy that’s caused challenges at Google but also an expanding bureaucracy at Google.
High school science club management appears to fall short of what’s needed to make the Alphabet Google YouTube DeepMind entity walk like a neurological digital dinosaur should. Wobblies and poor coordination do not send positive signals to big time Wall Street wolves.
Third, this compensation point resonated with me:
Pichai dodged employee questions asking about cost-cutting executive compensation. Pichai brought in total pay last year of $6.3 million, while other top executives made more than $28 million.
Is “dodged” the right word? Probably not, but to a wizard manager getting plastered with the word “dodged” is not positive PR. But, hey, this is the outfit which fired Dr. Timnit Gebru for pointing out one type of error associated with Google’s smart software. Does that lack of intelligence extend to the managing humanoids at the Google? What about Google’s compensation plan for leadership versus a young programmer working on single sign on? Good question maybe?
Fourth, I found this passage thought provoking:
“I’m a bit concerned that you think what we’ve done is what you would define as aggressive cost saving,” he said. “I think it’s important we don’t get disconnected. You need to take a long-term view through conditions like this.” He added that the company is “still investing in long-term projects like quantum computing,” and said that at times of uncertainty, it’s important “to be smart, to be frugal, to be scrappy, to be more efficient.”
I think this illustrates what I would call a disconnect between the life in carpet land and the programmer-eat-marketer environment of the Foosball table. Disconnects? Is Android fragmented? Does Google have what it takes to catch up with Amazon and Microsoft in cloud space?
Has AGYD solved death? I know that Google may be looking a bit like a senior citizen struggling with the reality of arteriosclerosis. Will walkers, crutches, and wheelchairs be on display at the next big time all hands meeting?
That would be a significant signal in my opinion.
Stephen E Arnold, September 28, 2022
US Government Censorship: Remarkable Assertion
September 28, 2022
I am not familiar with the censorship action described in “The U.S. Government’s Vast New Privatized Censorship Regime.”
One passage struck me as interesting; to wit:
At least 11 federal agencies, and around 80 government officials, have been explicitly directing social media companies to take down posts and remove certain accounts that violate the government’s own preferences and guidelines for coverage on topics ranging from COVID restrictions, to the 2020 election, to the Hunter Biden laptop scandal.
One of the characteristics of any government, including the US government, is that coordination across, among, and between agencies and individuals is time consuming, difficult, and fraught with missteps. I have no doubt that any broad US government activity is difficult to set up, implement, and keep outside the ken of Washington Post-type investigative journalists. Furthermore, getting one — let alone a group — of Silicon Valley type high tech outfits to take prompt action runs counter to my experience. If a government professional wants to obtain information believed to be available to a high tech outfit, the process often begins with a form. If the government professional, a specific point of contact will be known to the official. A phone call, email, or text message may or may not elicit a response. I have heard such statements as “Wow, blue bubble green bubble problem”, “I must have missed that email; I will look in my spam folder”, and “Can you send a hard copy request via FedEx?” offered as reasons for typically slow responses to queries.
I know that information and outputs during the time of Covid were a bit of a challenge. I am not sure that anyone knew much about what others were doing. I will grant that the signals cited in the write up paint a picture of focused US government action concerning the conference and statement involved. But, if true, the actions are not what I would call “routine” behavior. Toss in third parties and the write up’s description of purposeful action is even more anomalous. Maybe I worked in less organized government entities.
I wish I had a nickel every time a project on which I have worked was described differently from what was actually going on.
Nevertheless, the write up is interesting.
Stephen E Arnold, September 28, 2022
Anyone Remember the Google and Its Magic Algorithms?
September 21, 2022
Outfits like Foundem and the French tax authority wondered why the findability of their products and services was poor. I recall hearing from one or more Googlers the message that manual changes to search results were not part of the grand plan. The algorithms have more than 100 factors which make such determinations. Heck, I even included about 120 of these in my monograph published by the late and lamented publishing outfit Infonortics. In the Google Legacy I summarized these numerical recipes and pointed out that Google’s super secret system and method determined Google quality, Google relevance, and Google appropriateness. I did the research for that monograph in 2003 and 2004.
How times change! In 2015, the phrase “right to be forgotten” gained traction. In early 2022, Spain complained about the Google right to be forgotten process.
I read “Google App Starts Rolling Out Results about You to Help Remove Personal Information.” The article points out:
For some today, opening the Google app on Android and tapping your profile avatar in the top-right corner reveals a new “Results about you” menu item. This takes users to a page that explains how they can request Google remove Search results that contain phone number, home address, email, or other PII.
So what?
My opinion is that Alphabet Google YouTube DeepMind or AGYD has the tools, knobs, and dials to make its smart systems perform like puppets in the hands of a digitally literate puppet master. If my view is accurate, some hypothetical notions can be outlined; for instance:
- AGYD can “steer” what enters its systems and what goes out to its partners, advertisers, and users. Does this mean that oversight of AGYD is needed? The European Union seems to think so.
- AGYD’s protestations about objectivity and doing good stuff for its users could be rephrased this way: Google does good stuff for Alphabet, itself, YouTube, and DeepMind. If this hypothesis is close enough for horse shoes, what does ethical behavior mean in the AGYD datasphere?
- Are AGYD’s systems “smart” or are these systems just following instructions? How should algorithms like those in use at AGYD be viewed: [a] Harmless science club stuff, [b] Applied weaponized information methods, [c] a Rube Goldberg system which allows a large number of adjustments as long as the money generating functions are not impaired, or [d] some other view?
These three points are observations and probably a reflection of my skepticism about “magical” technology. Google may be more like Houdini than Einstein.
Stephen E Arnold, September 21, 2022