See How Clever OSINT Lovers Can Be. Impressed? Not Me
September 11, 2024
This essay is the work of a dumb dinobaby. No smart software required.
See the dancing dinosaur. I am a dinobaby, and I have some precepts that are different from those younger than I. I was working on a PhD at the University of Illinois in Chambana and fiddling with my indexing software. The original professor with the big fat grant had died, but I kept talking to those with an interest in concordances about a machine approach to producing these “indexes.” No one cared. I was asked to give a talk at a conference called the Allerton House not far from the main campus. The “house” had a number of events going on week in and week out. I delivered my lecture about indexing medieval sermons in Latin to a small group. In 1972, my area of interest was not a particularly hot topic. After my lecture, a fellow named James K. Rice waited for me to pack up my view graphs and head to the exit. He looked me in the eye and asked, “How quickly can you be in Washington, DC?
An old-time secure system with a reminder appropriate today. Thanks, MSFT Copilot. Good enough.
I will eliminate the intermediary steps and cut to the chase. I went to work for a company located in the Maryland technology corridor, a five minute drive from the Beltway, home of the Beltway bandits. The company operated under the three letter acronym NUS. After I started work, I learned that the “N” meant nuclear and that the firm’s special pal was Halliburton Industries. The little-known outfit was involved in some sensitive projects. In fact, when I arrived in 1972, there were more than 400 nuclear engineers on the payroll and more ring knockers than I had ever heard doing their weird bonding ritual at random times.
I learned three things:
- “Nuclear” was something one did not talk about… ever to anyone except those in the “business” like Admiral Craig Hosmer, then chair of the Joint Committee on Atomic Energy
- “Nuclear” information was permanently secret
- Revealing information about anything “nuclear” was a one-way ticket to trouble.
I understood. That was in 1972 in my first day or two at NUS. I have never forgotten the rule because my friend Dr. James Terwilliger, a nuclear engineer originally trained at Virginia Tech said to me when we first met in the cafeteria: “I don’t know you. I can’t talk to you. Sit somewhere else.”
Jim and I became friends, but we knew the rules. The other NUS professionals did too. I stayed at the company for five years, learned a great deal, and never forgot the basic rule: Don’t talk nuclear to those not in the business. When I was recruited by Booz Allen & Hamilton, my boss and the fellow who hired me asked me, “What did you do at that little engineering firm?” I told him I worked on technical publications and some indexing projects. He bit on indexing and I distracted him by talking about medieval religious literature. In spite of that, I got hired, a fact other Booz Allen professionals in the soon-to-be-formed Technology Management Group could not believe. Imagine. Poetry and a shallow background at a little bitty, unknown engineering company with a meaningless name and zero profile in the Blue Chip Consulting world. Arrogance takes many forms.
Why this biographical background?
I read “Did Sandia Use a Thermonuclear Secondary in a Product Logo?” I have zero comment about the information in the write up. Read the document if you want. Most people will not understand it and be unable to judge its accuracy.
I do have some observations.
First, when the first index of US government servers was created using Inktomi and some old-fashioned manual labor, my team made sure certain information was not exposed to the public via the new portal designed to support citizen services. Even today, I worry that some information on public facing US government servers may have sensitive information exposed. This happens because of interns given jobs but not training, government professionals working with insufficient time to vet digital content, or the weird “flow” nature of digital information which allows a content object to be where it should not. Because I had worked at the little-known company with the meaningless acronym name, I was able to move some content from public-facing to inward-facing systems. When people present nuclear-related information, knowledge and good judgment are important. Acting like a jazzed up Google-type employee is not going to be something to which I relate.
Second, the open source information used to explain the seemingly meaningless graphic illustrates a problem with too much information in too many public facing places. Also, it underscores the importance of keeping interns, graphic artists, and people assembling reports from making decisions. The review process within the US government needs to be rethought and consequences applied to those who make really bad decisions. The role of intelligence is to obtain information, filter it, deconstruct it, analyze it, and then assemble the interesting items into a pattern. The process is okay, but nuclear information should not be open source in my opinion. Remember that I am a dinobaby. I have strong opinions about nuclear, and those opinions support my anti-open source stance for this technical field.
Third, the present technical and political environment frightens me. There is a reason that second- and third-tier nation states want nuclear technology. These entities may yip yap about green energy, but the intent, in my view, is to create kinetic devices. Therefore, this is the wrong time and the Internet is the wrong place to present information about “nuclear.” There are mechanisms in place to research, discuss, develop models, create snappy engineering drawings, and talk at the water cooler about certain topics. Period.
Net net: I know that I can do nothing about this penchant many have to yip yap about certain topics. If you read my blog posts, my articles which are still in print or online, or my monographs — you know that I never discuss nuclear anything. It is a shame that more people have not learned that certain topics are inappropriate for public disclosure. This dinobaby is really not happy. The “news” is all over a Russian guy. Therefore, “nuclear” is not a popular topic for the TikTok crowd. Believe me: Anything that offers nuclear related information is of keen interest to certain nation states. But some clever individuals are not happy unless they have something really intelligent to say and probably know they should not. Why not send a personal, informative email to someone at LANL, ORNL, or Argonne?
Stephen E Arnold, September 11, 2024
The Fixed Network Lawful Interception Business is Booming
September 11, 2024
It is not just bad actors who profit from an increase in cybercrime. Makers of software designed to catch them are cashing in, too. The Market Research Report 224 blog shares “Fixed Network Lawful Interception Market Region Insights.” Lawful interception is the process by which law enforcement agencies, after obtaining the proper warrants of course, surveil circuit and packet-mode communications. The report shares findings from a study by Data Bridge Market Research on this growing sector. Between 2021 and 2028, this market is expected to grow by nearly 20% annually and hit an estimated value of $5,340 million. We learn:
“Increase in cybercrimes in the era of digitalization is a crucial factor accelerating the market growth, also increase in number of criminal activities, significant increase in interception warrants, rising surge in volume of data traffic and security threats, rise in the popularity of social media communications, rising deployment of 5G networks in all developed and developing economies, increasing number of interception warrants and rising government of both emerging and developed nations are progressively adopting lawful interception for decrypting and monitoring digital and analog information, which in turn increases the product demand and rising virtualization of advanced data centers to enhance security in virtual networks enabling vendors to offer cloud-based interception solutions are the major factors among others boosting the fixed network lawful interception market.”
Furthermore, the pace of these developments will likely increase over the next few years. The write-up specifies key industry players, a list we found particularly useful:
“The major players covered in fixed network lawful interception market report are Utimaco GmbH, VOCAL TECHNOLOGIES, AQSACOM, Inc, Verint, BAE Systems., Cisco Systems, Telefonaktiebolaget LM Ericsson, Atos SE, SS8 Networks, Inc, Trovicor, Matison is a subsidiary of Sedam IT Ltd, Shoghi Communications Ltd, Comint Systems and Solutions Pvt Ltd – Corp Office, Signalogic, IPS S.p.A, ZephyrTel, EVE compliancy solutions and Squire Technologies Ltd among other domestic and global players.”
See the press release for notes on Data Bridge’s methodology. It promises 350 pages of information, complete with tables and charts, for those who purchase a license. Formed in 2014, Data Bridge is based in Haryana, India.
Cynthia Murrell, September 11, 2024
Why Is the Telegram Übermensch Rolling Over Like a Good Dog?
September 10, 2024
This essay is the work of a dumb dinobaby. No smart software required.
I have been following the story of Pavel Durov’s detainment in France, his hiring of a lawyer with an office on St Germaine de Pres, and his sudden cooperativeness. I want to offer come observations on this about face. To begin, let me quote from his public statement at t.me/durov/342:
… we [Pavel and Nikolai] hear voices saying that it’s not enough. Telegram’s abrupt increase in user count to 950M caused growing pains that made it easier for criminals to abuse our platform. That’s why I made it my personal goal to ensure we significantly improve things in this regard. We’ve already started that process internally, and I will share more details on our progress with you very soon.
The Telegram French bulldog flexes his muscles at a meeting with French government officials. Thanks, Microsoft. Good enough like Recall I think.
First, the key item of information is the statement “user count to 950M” [million] users. Telegram’s architecture makes it possible for the company to offer a range of advertising services to those with the Telegram “super app” installed. With the financial success of advertising revenue evidenced by the financial reports from Amazon, Facebook, and Google, the brothers Durov, some long-time collages, and a handful of alternative currency professionals do not want to leave money on the table. Ideals are one thing; huge piles of cash are quite another.
Second, Telegram’s leadership demonstrated Cirque de Soleil-grade flexibility when doing a flip flop on censorship. Regardless of the reason, Mr. Durov chatted up a US news personality. In an interview with a former Murdoch luminary, Mr. Durov complained about the US and sang the praises of free speech. Less than two weeks, Telegram blocked Ukrainian Telegram messages to Russians in Russia about Mr. Putin’s historical “special operation.” After 11 years of pumping free speech, Telegram changed direction. Why? One can speculate but the free speech era at least for Ukraine-to-Russia Messenger traffic ended.
Third, Mr. Durov’s digital empire extends far beyond messaging (whether basic or the incredibly misunderstood “secret” function). As I write this, Mr. Durov’s colleagues who work at arm’s length from Telegram, have rolled out a 2024 version of VKontakte or VK called TONsocial. The idea is to extend the ecosystem of The One Network and its TON alternative currency. (Some might use the word crypto, but I will stick with “alternative”.) Even though these entities and their staff operate at arm’s length, TON is integrated into the Telegram super app. Furthermore, clever alternative currency games are attracting millions of users. The TON alternative currency is complemented with Telegram STAR, another alternative currency available within the super app. In the last month, one of these “games”—technically a dApp or distributed application — has amassed over 35 million users and generates revenue with videos on YouTube. The TON Foundation — operating at arm’s length from Telegram — has set up a marketing program, a developer outreach program with hard currency incentives for certain types of work, and videos on YouTube which promote Telegram-based distributed applications, the alternative currency, and the benefits of the TON ecosystem.
So what’s causing Mr. Durov to shift from the snarling Sulimov to goofy French bulldog? Telegram wants to pull off at IPO or an initial public offering. In order to do that after the US Securities & Exchange Commission shut down his first TON alternative currency play, the brothers Durov and their colleagues cooked up a much less problematic approach to monetize the Telegram ecosystem. An IPO would produce money and fame. An IPO could legitimize a system which some have hypothesized retains strong technical and financial ties to some Russian interests.
The conversion from free speech protector with fangs and money to scratch-my-ears French bulldog may be little more than a desire for wealth and fame… maybe power or an IPO. Mr. Durov has an alleged 100 or more children. That’s a lot of college tuition to pay I imagine. Therefore, I am not surprised: Mr. Durov will:
- Cooperate with the French
- Be more careful with his travel operational security in the future
- Be the individual who can, should he choose, access the metadata and the messages or everyone of the 950 million Telegram users (with so darned few in the EU to boot)
- Sell advertising
- Cook up a new version of VKontakte
- Be a popular person among influential certain other countries’ government professionals.
But as long as he is rich, he will be okay. He watches what he eats, he exercises, and he has allegedly good cosmetic surgeons at his disposal. He is flexible obviously. I can hear the French bulldog emitting dulcet sounds now as it sticks out its chest and perks its ears.
Stephen E Arnold, September 10, 2024
When Egos Collide in Brazil
September 10, 2024
Why the Supreme Federal Court of Brazil has Suspended X
It all started when Brazilian Supreme Court judge Alexandre de Moraes issued a court order requiring X to block certain accounts for spewing misinformation and hate speech. Notably, these accounts belonged to right-wing supporters of former Brazilian President Jair Bolsonaro. After taking his ball and going home, Musk responded with some misinformation and hate speech of his own. He published some insulting AI-generated images of de Moraes, because apparently that is a thing he does now. He has also blatantly refused to pay the fines and appoint the legal representative required by the court. Musk’s tantrums would be laughable if his colossal immaturity were not matched by his dangerous wealth and influence.
But De Moraes seems to be up for the fight. The judge has now added Musk to an ongoing investigation into the spread of fake news and has launched a separate probe into the mogul for obstruction of justice and incitement to crime. We turn to Brazil’s Globo for de Moraes’ perspective in the article, “Por Unanimidade, 1a Turma do STF Mantém X Suspenso No Brasil.” Or in English, “Unanimously, 1st Court of the Supreme Federal Court Maintains X Suspension in Brazil.” Reporter Márcio Falcão writes (in Google Translate’s interpretation):
“Moraes also affirmed that Elon Musk confuses freedom of expression with a nonexistent freedom of aggression and deliberately confuses censorship with the constitutional prohibition of hate speech and incitement to antidemocratic acts. The minister said that ‘the criminal instrumentalization of various social networks, especially network X, is also being investigated in other countries.’ I quote an excerpt from the opinion of Attorney General Paulo Gonet, who agrees with the decision to suspend In this sixth edition. Alexandre de Moraes also affirmed that there have been ‘repeated, conscious, and voluntary failures to comply with judicial orders and non-implementation of daily fines applied, in addition to attempts not to submit to the Brazilian legal system and Judiciary, to ‘Instituting an environment of total impunity and ‘terra sem lei’ [‘lawless land’] in Brazilian social networks, including during the 2024 municipal elections.’”
“A nonexistent freedom of aggression” is a particularly good burn. Chef’s kiss. The article also shares viewpoints from the four other judges who joined de Moraes to suspend X. The court also voted to impose huge fines for any Brazilians who continue to access the platform through a VPN, though The Federal Council of Advocates of Brazil asked de Moraes to reconsider that measure. (Here’s Google’s translation of that piece.) What will be next in this dramatic standoff? And what precedent(s) will be set?
Cynthia Murrell, September 10, 2024
What are the Real Motives Behind the Zuckerberg Letter?
September 5, 2024
Senior correspondent at Vox Adam Clarke Estes considers the motives behind Mark Zuckerberg’s recent letter to Rep. Jim Jordan. He believes “Mark Zuckerberg’s Letter About Facebook Censorship Is Not What it Seems.” For those who are unfamiliar: The letter presents no new information, but reminds us the Biden administration pressured Facebook to stop the spread of Covid-19 misinformation during the pandemic. Zuckerberg also recalls his company’s effort to hold back stories about Hunter Biden’s laptop after the FBI warned they might be part of a Russian misinformation campaign. Now, he insists, he regrets these actions and vows never to suppress “freedom of speech” due to political pressure again.
Naturally, Republicans embrace the letter as further evidence of wrongdoing by the Biden-Harris administration. Many believe it is evidence Zuckerberg is kissing up to the right, even though he specifies in the missive that his goal is to be apolitical. Estes believes there is something else going on. He writes:
“One theory comes from Peter Kafka at Business Insider: ‘Zuckerberg very carefully gave Jordan just enough to claim a political victory — but without getting Meta in any further trouble while it defends itself against a federal antitrust suit. To be clear, Congress is not behind the antitrust lawsuit. The case, which dates back to 2021, comes from the FTC and 40 states, which say that Facebook illegally crushed competition when it acquired Instagram and WhatsApp, but it must be top of mind for Zuckerberg. In a landmark antitrust case less than a month ago, a federal judge ruled against Google, and called it a monopoly. So antitrust is almost certainly on Zuckerberg’s mind. It’s also possible Zuckerberg was just sick of litigating events that happened years ago and wanted to close the loop on something that has caused his company massive levels of grief. Plus, allegations of censorship have been a distraction from his latest big mission: to build artificial general intelligence.”
So is it coincidence this letter came out during the final weeks of a severely close, high-stakes presidential election? Perhaps. An antitrust ruling like the one against Google could be inconvenient for Meta. Curious readers can navigate to the article for more background and more of Estes reasoning.
Cynthia Murrell, September 5, 2024
Accountants: The Leaders Like Philco
September 4, 2024
This essay is the work of a dumb dinobaby. No smart software required.
AI or smart software has roiled the normal routine of office gossip. We have shifted from “What is it?” to “Who will be affected next?” The integration of AI into work processes, however, is not a new thing. Most people don’t know or don’t recall that when a consultant could do a query from a clunky device like the Texas Instrument Silent 700, AI was already affecting jobs. Whose? Just ask a special librarian who worked when an intermediary was not needed to retrieve information from an online database.
A nervous smart robot running state-of-the-art tax software is sufficiently intelligent to be concerned about the meeting with an IRS audit team. Thanks, MSFT Copilot. How’s that security push coming along? Oh, too bad.
I read “Why America’s Most Boring Job Is on the Brink of Extinction.” I think the story was crafted by a person who received either a D or an F in Accounting 100. The lingo links accountants with being really dull people and the nuking of an entire species. No meteor is needed; just smart software, the silent killer. By the way, my two accountants are quite sporty. I rarely fall asleep when they explain life from their point of view. I listen, and I urge you to be attentive as well. Smart software can do some excellent things, but not everything related to tax, financial planning, and keeping inside the white lines of the quite fluid governmental rules and regulations.
Nevertheless, the write up cited above states:
Experts say the industry is nearing extinction because the 150-hour college credit rule, the intense entry exam and long work hours for minimal pay are unappealing to the younger generation.
The “real” news article includes some snappy quotes too. Here’s one I circled: “’The pay is crappy, the hours are long, and the work is drudgery, and the drudgery is especially so in their early years.’”
I am not an accountant, so I cannot comment on the accuracy of this statement. My father was an accountant, and he was into detail work and was able to raise a family. None of us ended up in jail or in the hospital after a gang fight. (I was and still am a sissy. Imagine that: An 80 year old dinobaby sissy with the DNA of an accountant. I am definitely exciting.)
With fewer people entering the field of accounting, the write up makes a remarkable statement:
… Accountants are becoming overworked and it is leading to mistakes in their work. More than 700 companies cited insufficient staff in accounting and other departments as a reason for potential errors in their quarterly earnings statements…
Does that mean smart software will become the accountants of the future? Some accountants may hope that smart software cannot do accounting. Others will see smart software as an opportunity to improve specific aspects of accounting processes. The problem, however, is not the accountants. The problem will AI is the companies or entrepreneurs who over promise and under deliver.
Will smart software replace the insight and timeline knowledge of an experienced numbers wrangler like my father or the two accountants upon whom I rely?
Unlikely. It is the smart software vendors and their marketers who are most vulnerable to the assertions about Philco, the leader.
Stephen E Arnold, September 4, 2024
Social Media Cowboys, the Ranges Are Getting Fences
September 2, 2024
This essay is the work of a dumb dinobaby. No smart software required.
Several recent developments suggest that the wide open and free ranges are being fenced in. How can I justify this statement, pardner? Easy. Check out these recent developments:
- The founder of Telegram is Pavel Durov. He was arrested on Saturday, August 26, 2024, at Le Bourget airport near Paris
- TikTok will stand trial for the harms to children caused by the “algorithm”
- Brazil has put up barbed wire to keep Twitter (now X.com) out of the country.
I am not the smartest dinobaby in the rest home, but even I can figure out that governments are taking action after decades of thinking about more weighty matters than the safety of children, the problems social media causes for parents and teachers, and the importance of taking immediate and direct action against those breaking laws.
A couple of social media ranchers are wondering about the actions of some judicial officials. Thanks, MSFT Copilot. Good enough like most software today.
Several questions seem to be warranted.
First, the actions are uncoordinated. Brazil, France, and the US have reached conclusions about different social media companies and acted without consulting one another. How quickly with other countries consider their particular situation and reach similar conclusions about free range technology outfits?
Second, why have legal authorities and legislators in many countries failed to recognize the issues radiating from social media and related technology operators? Was it the novelty of technology? Was it a lack of technology savvy? Was it moral or financial considerations?
Third, how will the harms be remediated? Is it enough to block a service or change penalties for certain companies?
I am personally not moved by those who say speech must be free and unfettered. Sorry. The obvious harms outweigh that self-serving statement from those who are mesmerized by online or paid to have that idea and promote it. I understand that a percentage of students will become high achievers with or without traditional reading, writing, and arithmetic. However, my concern is the other 95 percent of students. Structured learning is necessary for a society to function. That’s why there is education.
I don’t have any big ideas about ameliorating the obvious damage done by social media. I am a dinobaby and largely untouched by TikTok-type videos or Facebook-type pressures. I am, however, delighted to be able to cite three examples of long overdue action by Brazilian, French, and US officials. Will some of these wild west digital cowboys end up in jail? I might support that, pardner.
Stephen E Arnold, September 2, 2024
Can an AI Journalist Be Dragged into Court and Arrested?
August 28, 2024
This essay is the work of a dumb dinobaby. No smart software required.
I read “Being on Camera Is No Longer Sensible: Persecuted Venezuelan Journalists Turn to AI.” The main idea is that a video journalist can present the news, not a “real” human journalist. The write up says:
In daily broadcasts, the AI-created newsreaders have been telling the world about the president’s post-election crackdown on opponents, activists and the media, without putting the reporters behind the stories at risk.
The write up points out:
The need for virtual-reality newscasters is easy to understand given the political chill that has descended on Venezuela since Maduro was first elected in 2013, and has worsened in recent days.
Suppression of information seems to be increasing. With the detainment of Pavel Durov, Russia has expressed concern about this abrogation of free speech. Ukrainian government officials might find this rallying in support of Mr. Durov ironic. In April 2024, Telegram filtered content from Ukraine to Russian citizens.
An AI news presenter sitting in a holding cell. Government authorities want to discuss her approach to “real” news. Thanks, MSFT Copilot. Good enough.
Will AI “presenters” or AI “content” prevent the type of intervention suggested by Venezuelan-type government officials?
Several observations:
- Individual journalists may find that the AI avatar “plays” may not fool or amuse certain government authorities. It is possible that the use of AI and the coverage of the tactic in highly-regarded “real” news services exacerbates the problem. Somewhere, somehow a human is behind the avatar. The obvious question is, “Who is that person?”
- Once the individual journalist behind an avatar has been identified and included in an informal or formal discussion, who or what is next in the AI food chain? Is it an organization associated with “free speech”, an online service, or an organization like a giant high-technology company. What will a government do to explore a chat with these entities?
- Once the organization has been pinpointed, what about the people who wrote the software powering the avatar? What will a government do to interact with these individuals?
Step 1 seems fairly simple. Step 2 may involve some legal back and forth, but the process is not particularly novel. However, Step 3 presents a bit of a conundrum, and it presents some challenges. Lawyers and law enforcement for the country whose “laws” have been broken have to deal with certain protocols. Embracing different techniques can have significant political consequences.
My view is that using AI intermediaries is an interesting use case for smart software. The AI doomsayers invoke smart software taking over. A more practical view of AI is that its use can lead to actions which are at first tempests in tea pots. Then when a cluster of AI tea pots get dumped over, difficult to predict activities can emerge. The Venezuelan government’s response to AI talking heads delivering the “real” news is a precursor and worth monitoring.
Stephen E Arnold, August 28, 2024
Meta Leadership: Thank you for That Question
August 26, 2024
Who needs the Dark Web when one has Facebook? We learn from The Hill, “Lawmakers Press Meta Over Illicit Drug Advertising Concerns.” Writer Sarah Fortinsky pulls highlights from the open letter a group of House representatives sent directly to Mark Zuckerberg. The rebuke follows a March report from The Wall Street Journal that Meta was under investigation for “facilitating the sale of illicit drugs.” Since that report, the lawmakers lament, Meta has continued to run such ads. We learn:
The Tech Transparency Project recently reported that it found more than 450 advertisements on those platforms that sell pharmaceuticals and other drugs in the last several months. ‘Meta appears to have continued to shirk its social responsibility and defy its own community guidelines. Protecting users online, especially children and teenagers, is one of our top priorities,’ the lawmakers wrote in their letter, which was signed by 19 lawmakers. ‘We are continuously concerned that Meta is not up to the task and this dereliction of duty needs to be addressed,’ they continued. Meta uses artificial intelligence to moderate content, but the Journal reported the company’s tools have not managed to detect the drug advertisements that bypass the system.”
The bipartisan representatives did not shy from accusing Meta of dragging its heels because it profits off these illicit ad campaigns:
“The lawmakers said it was ‘particularly egregious’ that the advertisements were ‘approved and monetized by Meta.’ … The lawmakers noted Meta repeatedly pushes back against their efforts to establish greater data privacy protections for users and makes the argument ‘that we would drastically disrupt this personalization you are providing,’ the lawmakers wrote. ‘If this personalization you are providing is pushing advertisements of illicit drugs to vulnerable Americans, then it is difficult for us to believe that you are not complicit in the trafficking of illicit drugs,’ they added.”
The letter includes a list of questions for Meta. There is a request for data on how many of these ads the company has discovered itself and how many it missed that were discovered by third parties. It also asks about the ad review process, how much money Meta has made off these ads, what measures are in place to guard against them, and how minors have interacted with them. The legislators also ask how Meta uses personal data to target these ads, a secret the company will surely resist disclosing. The letter gives Zuckerberg until September 6 to respond.
Cynthia Murrell, August 26, 2024
Which Is It, City of Columbus: Corrupted or Not Corrupted Data
August 23, 2024
This essay is the work of a dumb dinobaby. No smart software required.
I learned that Columbus, Ohio, suffered one of those cyber security missteps. But the good news is that I learned from the ever reliable Associated Press, “Mayor of Columbus, Ohio, Says Ransomware Attackers Stole Corrupted, Unusable Data.” But then I read the StateScoop story “Columbus, Ohio, Ransomware Data Might Not Be Corrupted After All.”
The answer is, “I don’t know.” Thanks, MSFT Copilot. Good enough.
The story is a groundhog day tale. A bad actor compromises a system. The bad actor delivers ransomware. The senior officers know little about ransomware and even less about the cyber security systems marketed as a proactive, intelligent defense against bad stuff like ransomware. My view, as you know, is that it is easier to create sales decks and marketing collateral than it is is to deliver cyber security software that works. Keep in mind that I am a dinobaby. I like products that under promise and over deliver. I like software that works, not sort of works or mostly works. Works. That’s it.
What’s interesting about Columbus other than its zoo, its annual flower festival, and the OCLC organization is that no one can agree on this issue. I believe this is a variation on the Bud Abbott and Lou Costello routine “Who’s on First.”
StateScoop’s story reported:
An anonymous cybersecurity expert told local news station WBNS Tuesday that the personal information of hundreds of thousands of Columbus residents is available on the dark web. The claim comes one day after Columbus Mayor Andrew Ginther announced to the public that the stolen data had been “corrupted” and most likely “unusable.” That assessment was based on recent findings of the city’s forensic investigation into the incident.
The article noted:
Last week, the city shared a fact sheet about the incident, which explains: “While the city continues to evaluate the data impacted, as of Friday August 9, 2024, our data mining efforts have not revealed that any of the dark web-posted data includes personally identifiable information.”
What are the lessons I have learned from these two stories about a security violation and ransomware extortion?
- Lousy cyber security is a result of indifferent (maybe lousy) management? How do I know? The City of Columbus cannot generate a consistent story.
- The compromised data were described in two different and opposite ways. The confusion underscores that the individuals involved are struggling with basic data processes. Who’s on first? I don’t know. No, he’s on third.
- The generalization that no one wants the data misses an important point. Data, once available, is of considerable interest to state actors who might be interested in the employees associated with either the university, Chemical Abstracts, or some other information-centric entity in Columbus, Ohio.
Net net: The incident is one more grim reminder of the vulnerabilities which “managers” choose to ignore or leave to people who may lack certain expertise. The fix may begin in the hiring process.
Stephen E Arnold, August 23, 2024