296 posts • joined 6 Jul 2009
Re: This should be simple...
A British citzen committing a crime on British soil should be charged in the UK under English or Scottish law and if found guilty imprisoned here close to their family, in this case under the Computer Misuse Act 1990 with a maximum 10 year sentence. Anything less is a betrayal of soveriegnty.
If the yanks don't like that then they shouldn't keep their sensitive military systems easily available online from the UK.
I've met Love near Glasgow, he is not that technical. There must be dozens of less naive hackers still in those systems undetected.
Opt in rather than creep out
I block ad's on some of the sites I like and would like to support because the adverts creep me out by mining my posts. Targetted advertising is just scary and almost always incorrect. For my favourite sites I'd be happy to fill out a form saying, 'there are the things I actually buy, or may be interested in adverts about, don't send me any others and don't personalise any of them".
Re: Next, traffic wardens...
CCTV supposedly used to cut violent crime is already used to police parking violations. Councils and DWP little hitlers already do this too to cu down on dog poo, school admissions, rubbish bin abuses.
I was recently charged (wrongly) with a Breach of the Peace, over twenty months and with three days in jail, about fifteen court appearances, and several police raids/visits to my parents house. I realised fairly early on the police were going to their address soon after I'd arrived out of convenience, and must have been tracking my phone to save themselves a fifteen mile drive to my home. Later one of the officers interrogating me confirmed that inadvertently.
My case is utterly petty and minor but Police Scotland have also been doing the same stuff to journalists and other police officers. I got to talk candidly to a senior police officer about this sort of quasi-legal behaviour once and he was perfectly frank and unembarrassed, "What we can do, we will do". Meaning they will do anything they think they personally will not be prosecuted for.
And that is fair enough if they'd focus on serious criminals and terrorists, but they don't and they don't intend to.
Guardian of the Galaxy
Hands up, who left their Galaxy Note7 on the Space X Falcon? Or who designed it as the communications device just because it had the word Galaxy in it?
Re: The 'insider' theory
At one point it was part of my job to read log files to spot hacks. I must confess I am not sure I did it very well. My boss was better at it, but he always did it after the event. Once you know something has happened then it is relatively simple to look back for tell-tale signs. It was complicated by the fact we never got to choose what was logged, some invisible developer decided that months before without our input. So spotting it in real time requires pattern recognition skills that I doubt even Assange has. You stare at logs over and over and you can, sometimes, tell if something looks a bit different. If you are well slept and and not on 24 hour call out, and you didn't just have an argument with your girlfriend.
I used to be stuck between a yearly battle between Belgian and Dutch hacking conventions. These genius idiots weren't actual criminals as such, but they were trying their best to take us down for lolz. It was bloody annoying, and I had the best of support. As soon as they jabbed us, we'd get a direct patch from MS or whoever and have to install it organisation wide. You know how Space Invaders gets annoying after an hour or four? It was very tempting just to leave work, go to the convention and spike their drinks with LSD.
Re: The 'insider' theory
Snowden used a CD marked "Lady Gaga"
That was Manning.
If you can get remote access to everything on a server then you can likely ammend the log files too. Various crypto gurus are already recommending we look to a post-cypto future where you assume you are hacked and concentrate on blocking exfiltration, either by DVD as you said or straight over the network.
I don't know if this is true or not but a commentator on another website said ten million Cisco shares were shorted in the weeks leading up to this story. I know El Reg pokes around in technical details but there might be a story in following the money.
Re: swift .... really archaic
Well, it was either you or your bank who can be described as really archaic.
Re: I interviewed there last year. . .
Culpepper. Aye, and I had a Virginian boss in the Netherlands who never liked the locals, and who in turn wasn't liked. That made him a bit paranoid too. I never met a single Indian there but I met many, many nationalities among my colleagues. Mostly western, mostly white, mostly male.
Half the money that passes hands each day is transferred across the SWIFT network. You are quite correct that actual money doesn't travel across their network, only messages, but duh! A physical £50 note is only a message too.
SWIFT do provide secure communications to their users, in the same way the Bank of England/ Bank of Scotland RBS and Clydesbank provide secure £50 notes to their users. If you get mugged walking down the street or accept obviously fake £50 notes then you can't blame the currency. The weak point is the banks, aka between the chair and the keyboard.
Re: Lack of trust
First, neither Linux or Windows is used on the main network.
Second, why on earth is SWIFTs self-signed root PKI cert a 'dodgy security practice'? It's entirely their network so outsourcing trust would be a vulnerability. Banks trust SWIFT for a good reason, they are unhackable. Other root certifiers are not.
I'm guessing you were working at the Begian HQ. In the OPs centres there aren't any contractors and the canteen food is, well,not exceptionally good. Security though is tighter than anywhere else I've ever seen, certainly far, far tighter than banks which just aren't comparable. I take it you were a developer, you wouldn't have got within sniffing distance of the actual networks.
As 2nd line support (only four managerial levels lower than Schrank since they only have four levels) I wasn't allowed to touch the active machines I was supporting. I'd have to talk an operator in a secure area through it.
I've just experienced 20 months of being charged with Breach of the Peace Section 38 ("a domestic"), only for the charges to be dropped earlier this week during the trial without me being allowed to say anything in court except "Not guilty". I've had to attend court at least 12 times, I eventually lost count. I've spent three days in jail on two occassions, my family suffered three police 'visits', I've chosen not to work or claim benefits during that period, and it's been hellish.
I will write it up and may post it here or at least link to it here because there are a few tech angles. First though I've got complaints to the police, the laywers and the prosecutors to write, in the hope of improving their awful performance rather than wanting vengeful disciplinary action.
I would've preferred a trial rather than a dismissal even though I had been told there was a good chance of being found guilty. I would far preferred if the prosecutors had accepted my initial offer to discuss the matter on record.
One of the things that came out of this is I asked and got to read my medical records, and they are appalling inaccurate and worringly demeaning. It's inhibited me from seeking medical help again, and I urge everyone here to ask to read through their own medical notes. Unrelated to my case I found suggestions that I was a heroin user when I attended hospital with cat bites - wtf?
As IT guys we recognise and laugh at our own professions incompetence, but in my experience we are far better at our jobs and more open about our failings than doctors or the judiciary who form 'closed ranks'.
By nature I don't have much sympathy for this guy the way he has conducted himself and has been portrayed in the media. Through bitter experience I'll hold my judgement on anyone I haven't shared a cell with.
Why automate while child labour works?
“warning that someone can prove US responsibility for any attacks that originated from this malware server”. “This may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks,”Is he implying the DNC was hacked from the NSA malware servers?
I read German gold medal winners at the Olympics get free beer for life, which must work against them winning at the following Olympics.
The money went to unregulated casinos in the Philippines. A local bank manager was caught leaving work with an armoured car full of cash, so that small portion of the money will presumably be returned. The rest of it went to upgrade the Chinese triads into quads.
Re: I'm Spartacus
We appreciate your expression of willingness to participate. Unfortunately, the claims in this case had to be filed by 4 December 2015. The reason is that the Investigatory Powers Tribunal found that unlawful GCHQ surveillance, on which these claims are based, became lawful as of 5 December 2014. Once a claim is filed, the Tribunal will only search GCHQ’s records for unlawful activity during the year before the claim was submitted. What this means is that a claim submitted on 14 September 2015 would lead to records being searched for the time period between 14 September 2014 and 5 December 2014. Claims submitted after 4 December 2015 would address surveillance by GCHQ that was deemed lawful by the Tribunal and therefore not subject to a search.
It's even more of a con than the article conveyed! Apologies to PI but no apologies to the IPT:
"If Sir Jimmy abused you in the you before you first complained, then we would certainly consider accepting your proof".
Re: I'm Spartacus
I'm not one of the 663 but have strong and deep evidence I was spied upon, including but not limited to emails from a since exposed police infiltrator. I never applied to PI as I had no faith it would be taken seriously, but if it's being dismissed in this flippant manner then I perhaps should (reluctantly hold up my hand, sigh, and mumble "I'm Spartacus").
However, I'm still put off submitting a complaint as they are limiting it to the first ten cases, instead of the strongest ten, and I'm not sure if those ten have to be part of the six hundred and sixty three. Do you know if that is the case?
Re: Purpose-built systems are never secure
SWIFT originally refused to cut-off Iranian banks so the US threatened to arrest all it's employees and management. SWIFT complained to the Belgian government who shrugged. So how can an organisation follow Belgian national laws without the support of the Belgian government?
As for monitoring terrorist funding, can you name one organisation with an operations centre in the US that doesn't comply with a legal request from US authorities to track terrorists?
Re: ~8 months ago, I interviewed with SWIFT. . . .
Your impression was incorrect. I'm working class, never went to Uni, and many of my colleagues were the same. It's probably the most meritocratic employer I've worked for, far better than any British employer. Only four seniority levels from bottom to top. There were a lot of white males, but no more so than other European IT organisations.
If you were competent for the role then you were maybe deemed a security risk, their background checking is a lot more in-depth than they you'd know.
Okay, my comment was deleted, fair enough. I think I made a good point fairly but I'll respect the referees decision.
Feel free to object (more) rationally when I now make tangential points relating to other Scots councils.
My current council is Edinburgh, and I regularly see councillors there being dropped off from 'Works' vans. They use council vehicles as private taxis, at a time they are charging workers for parking at work and laying off workers.
The council I worked for, if you reach Larkhall then you are there, had a lovely line in sectarianism. "What's green and doesn't move? A Catholic on the housing list", said the head of housing to he head of finance in my presence. Not really a joke since it was true.
Further west again, Glasgow City Council - sexual abuse, homophobia, sectarianism, graft, it'd be easier to list what they do correctly.
These people feel like they have 'tenure', that they are 'untouchable', and they act accordingly. I'm not right wing, probably you'd label me far-left, but you just don't get away with their sort of malfeasance in a corporation, unless you own the corporation.
Re: Nicola Sturgeon=Rosa Klebb
Mars bar. Batter. Oil.
I have seen them, they are real, but I've only seen foreign students eating them. We Scots regard them as different courses.
Re: and people ask why I'm not on any (anti-)social media site?
"the less people knew about me the better"
Just over a decade ago you could search the internet for "Secret Project" + CV and get all the main engineers involved. They'd boast about it online, perhaps inadvertently through recruitment agencies.
In 2003 I found the main engineer behind the UK's '4 minute warning' of a nuclear attack. Brian Dreary. I wanted to trigger the warning, at least for high ranking officials, but I was persuaded by a wiser soul that was irresponsible and potentially dangerous.
For the record, at that time at least, the 'four minute warning' consisted of a pre-recorded telephone call to every British land-line, telling you Armageddon was imminent but not to panic. Guess whose voice they used to reassure us? Joanna Lumley!
Good choice. My plan was to either steal the recording or hire a voice impersonator, and call all the key folk just to panic them into heart attacks. I was talked out of that but I sort of wish I had.
Since you are now monitoring this website, how about you explain your "We didn't do it, but if if we did do it, this is how we did it" OJ Simpson defence?
While you are at it, do you want to explain why council-tax payers money is used to promote and fund the singing career of one Rena Gertz?
"He who fights with monsters should look to it that he himself does not become a monster. And if you gaze long into an abyss, the abyss also gazes into you."
You have an inadvertent 'Swift' in there. They are a car company, a delivery company, and a sausage company, unrelated to SWIFT.
My first week at SWIFT. First day I noticed the building had curved edges, same as Air Traffic - to deflect truck-bombs. Everyone gets a full body scan to enter and leave, to make sure nothing as big as a CD or memory stick gets in or out. There is CCTV everywhere. There is an ashtray placed on your desk, because they know in advance you smoke. You are allowed to smoke everywhere, including certain server rooms, because there is a constant updraft of ventilation that Dyson must've designed. You are not allowed anywhere near the servers you support, you have to talk operations staff through whatever minor or vital thing you want to do. Your colleagues at lunch joke that they analyse your piss and shit in the toilet for drugs. Except they aren't joking, although out of hours cannabis is permitted. You find your flat has been broken into overnight, fairly often, just to check. The mice have fingerprint readers. You are told security is everyone's prime responsibility, but when you actually check on security, you are questioned by an internal security team about your motives. There is no internet access, but the intranet tells you stuff about your hometown that you never knew. You are repeatedly warned about all the ingenious Mafia phishing and more serious threats. Your colleagues are introduced to you as 'John, from British security' and 'Paul, from French security', and these are actual state officers seconded to the role doing coding and tech support. When you have a tech support question yourself, your call goes directly to one of the world's experts - millionaires are your help-desk. They try to imprison their staff with high wages, and give you a weekly back massage.
Outside of GCHQ and the NSA, it is the tightest security in the world. Of course their end terminals are the weakest link, that's not their responsibility. They tell an anecdote about when Saddam invaded Kuwait they dodged a bullet because the terminal there was in an unopened cupboard.
But blaming SWIFT for end point attacks is like blaming BT for phishing scams. They are tighter than a sheep's behind at an Aberdeen game.
I have read every tale of woe here, and though I am always amused I can always beat them from my own history of incompetence. I could write a short novel of comedic failures. The time I fixed a six month BT lease-line problem. The time I drove over my bag full of replacement video cards, and had to install them anyway. The obligatory rm -rf anecdote. The time I replaced a blind man's VDU without understanding why, only to stick my hand out excepting him to shake it.
In retrospect, most of my career was comedic. I once had a MS vice-president as my first line tech support though. You know you've made it when you have a millionaire at your beck and call.
As Scottish granny's everywhere used to say, "Yer arse in parsely".
I think the English equivalent is, "I don't believe it!"
Re: The software nasty was inserted into the SWIFT terminal
Why, since none of those were involved?
Re: "...Why go for a billion??"
There were only five successful transactions, so 'very large' should remain an obvious red flag!
It's not a vulnerability on the SWIFT side which is why they aren't footing the bill. Their network is more secure than any of my other previous employers, including Air Traffic Services. If they are culpable at all it is for allowing the Bangladesh Bank to join their network.
It seems suspcious that the Bangladesh Bank was seup using $10 second hand switches unable to isolate the SWIFT terminal, not just criminal incompetence and more likely a designed in vulnerability.
There were 36 fraudulent wire transfers, and only 5 were successful, so these were very high value transactions. Rizal Commercial Banking Corporation's branch manager Maia Santos Deguito took $427,000 from one of the laundery accounts in the Philipines, but the main criminals appear to be Chinese with a very good knowledge of SWIFT terminals and procedures.
Google Free since March 2016
Hiya El Reg,
In a fit of informed petulance I decided to dump Google last month. I jettisoned my Gmail account, or as I normally have to sign in here, my GoogleMail account ("Our records show you have been a member since 2007-04-11").
By chance I haven't cleared my cookies yet, because I don't want to ditch this esteemed (steaming?) magazine. So I updated my details here to change my email address, and as told "We've sent a verification email to" my old gmail address. Catch 22.
I'm the poor sod who has been on trial for BoP, since Drew gave me my bronze badge, and my trial date has been pushed back till sometime in summer - I'm basically Job. I 'm not asking for sympathy, I would however like a little help changing my email address here without having to sign in to google again. MyName@Protonmail.com or dot ch, preferably both.
I've suffered enough and that bronze badge is all I've got left. My cat died a week ago. My dad is getting a pacemaker fitted next week. Please don't make me re~register just because your automated log-in/ change-of-details process is slightly dafter than a Google April's fool. Or at least tell me which of these bloody cookies I have to preserve for eternity to keep my login here.
When I bought my first home in the late '80s , it came with an antique '30s Bakelite rotary phone worth several hundreds of pounds, and a 3 digit phone number. Within a year my 3 digit phone number had been replaced by a 10 digit phone number. Worse still, my guinea pigs got loose when I was at work and gnawed through the phone cord. British Telecom, in their infinite greed, immediately sent men to break into my home to replace that phone with a cheapo button-dial replacement, in their words so I wouldn't be inconvenienced. Effing thieves. If I'd have phoned for any other fault then they wouldn't have responded for months, but they knew they could reclaim the phone and sell it on.
I'm no fan of rip-off modern telco-companies, but you have to bear in mind that in those days British Telecom were a law unto themselves. One of the proudest achievements in my career was getting a written apology from British Telecom, after three months hard work on my part and no effort on their part. An airgun pellet in an over-head leased line would short the circuit in high winds, disrupting the network I was responsible for. British Telecom staff at the time were as unsympathetic as DWP staff are today.
"You don't have to be a misanthrope to work here, but it helps"
Re: Ballard predicted Facebook
Your reference is the pornographic magazine Penthouse, and the reason for that is that it's publisher Bob Guccione married sci-fi freak Kathy Keeton. They then co-published the sublime Omni magazine. It also had typically sexist paintings of voluptuous fantasy characters, but I promise, as a 13 year old male I only read it for the articles.
HG Wells invented the nuclear suitcase bomb in his 1914 novel The World Set Free, albeit it was more of an ever lasting firework.
More's 'Utopia' itself could be reimagined as a dystopia from the POV of one it's citizens.
I am hugely impressed with "A Logic Named Joe" and hope El Reg dig up more. Can I suggest "I have no mouth, but I must scream", which I thought of every day in the hell of tech support.
Dead and dying children at work
I was hired as a Business Consultant at a firm in the Netherlands, and then demoted to SysAdmin because my Scottish accent was too strong. I wasn't happy at that, and I never wanted to be the PC police especially in a country where laws and attitudes towards sex were so different.
Engineers and salesmen would dial in to use the (then) high speed and free office internet rather than take out an account of their own. Even the ones with their own internet connections would view porn via the office presumably as they assumed it gave them more plausible deniability. The company internet server cache was massive, and at least three quarters of it was porn, as I found out when I had to investigate exorbitant charges from our ISP. It was hard to look at any of my co-workers the same way, especially the women. I sent out a memo to everyone explaining what a cache is, and asking them not to view anything they wouldn't want me to have to view, and instantly the internet bill was halved (and nobody could look at me either).
I've had a few experiences of being surprised or shocked by porn at work, but nothing close to "call the police", maybe I'm just deviant. I worked for an imaging/workflow company once, and they were trying to prove their system to a local NHS, so I was made to scan in and process sample medical records they provided, perhaps illegally. That was the most traumatic two days I ever spent at work. All the records were dead and dying children: X rays, photos, case-notes, etc. When you lot talk about things you can't unsee, well nothing I saw hadn't already been seen by a dozen doctors and nurses who probably see that sort of thing every week. They have all my respect, because decades later just thinking about it has me crying and reaching for the brandy.
I was asked to fix a Belgian guys laptop once, it was running slow. AVG identified over 37,000 viruses on it. That was unusually high so I went to delete the internet cache, and it had already been deleted but all the sites were still there - IP numbers rather than URLs, all Russian. He'd been engaged to a local woman who privately accused him of being a paedophile, and I'd seen him groom, kiss and even lick her daughter, I was certain she was correct. I didn't have enough evidence against him to phone the police, but I kept tabs on him. He later joined a social group where he had access to their children as a figure of trust, so I warned them about him. He had me charged by the police for doing that. They dropped my prosecution when I mentioned I had a recording of his ex-fiancee discussing his behaviour.
On a US magazine website I recently had my first conversation with someone who admitted to being a reformed paedophile, which I found very interesting. I'm a hang'em and flog'em guy when it comes to adult abusers, so it was informative finally being able to "Ask me anything". I think I have a better understanding of it now but I'd still recommend that if you can take action against someone who is a child-abuser, or even against someone who gets off on images or video of child-abuse, then you should do what you can. According to the honest paedophile I talked to, one thing does lead to another worse thing.
Re: aye but
The correct phrase is 'Aye, right'. Nobody says "Aye, but". Not once, not ever. Are you trying to discredit me and the presumably other 12 or so Dannys here. What a daft post. Utter mince.
No spoilers please
I really want to know how to stop a Win10 update repeatedly trying and failing to install itself on this PC, slowing down this bandwidth and eating up 10Gb of unrecoverable HD space. Please, nobody tell me, I have more important things to do just now and will have plenty of time to figure it out soon one way or another.
My over my self confidence has just been boosted greatly by googling IMAO and finding it recognised widely. I can't prove I invented that first, but I did come invent it independently before it was Yahoo~able, and you can't patent a FLA.
I didn't invent FLA, it was common among my fellow students back in the '80s, an extension of https://en.wikipedia.org/wiki/Three-letter_acronym 's, a seemingly witty riposte to excessive use of jargon and acronyms in IT.
[Two letter acronyms were and are deemed ok - occasionally knowledgeable]
Re: Privay versus Safety?
My hive mind is failing me. There was a great quote in a Guardian book review that agreed with your statement from an English earl at the time of the French revolution. It stated that he would rather have a score of cut-throats in London than suffer the mass state terrorism and surveillance endured in France.
Except that is just the gist because every time I go searching for it I get redirected to Google CAPTCHAs, despite my other googling working fine. So I guess that quote has been deemed inconvenient. Of course the actual quote never mentioned state terrorism, because at the time all terrorism was by the state against its own citizens. That was such an inconvenient word that it's very meaning has been changed.
Re: Right answer, wrong reasons
True, but they did have funding from the US, partly raised by Republican Congressman Peter King.
Re: The man is absolutely right!
I did once try to look for needles in a field after something went boom.
When the Lockerbie disaster happened the police warned people away from just one section of countryside because the flight was seemingly carrying a cargo of needles, the warning being that people could accidentally stand on them and hurt themselves (no mention of the still flaming wreckage). Needles are a low-value item never normally transported by air, and there was some suggestions by relatively sane people that they were "flechettes" and part of awful munitions that were being secretly transported and may have caused the explosion.
One easy way to test this theory would be to find either a needle or a flechette in the fields using a metal detector, so I consulted with a 'detectorist' I chanced upon on scanning a beach, and tried to gain access to the area. I was unsuccessful, partly I think due to state action.
On a differing related subject, I was aware that Depleted Uranium was regularly used as ballast on many large aircraft, so when 911 occurred I phoned the airlines to ask if it had been present on the New York flights, as this would have a serious impact on the residents and first responders health. I got no reply but a swift visit from a lost american tourist, in a town where no american tourists had been lost before or since. And now the NY first responders are all dying of cancer while their medical support is a political football as highlighted by Jon Stewart.
Rambling free style
I used to fill my criminal drives with MP3s after formatting them as I had more songs than disk-space. Then I started I started getting raided on bogus terrorism excuses and I built a forge, better than a hammer.
There's a really good, if irrelevant, NS article just online, Memory recall works twice as fast as the blink of an eye
When I was a four year old I used to test how fast I could think by throwing my self off a small flight of steps and trying to think something before I landed. I never could think anything mid-air except, "Think something" which didn't count as I'd already been thinking that. I concluded I was a slow-thinker, and as I grew older others certainly were more 'quick-witted'. They tend to get in a lot more trouble earlier on though, it's a common-difference in brain function that leaves them open to impulsive short-termism and leaves me more open to brain-freezing in emergency situations.
Computer magazines and websites have speed-tests for machine components, processors and systems, I hope someone develops something like that for humans. There are seemingly four stages to human memory, remembering it, recalling it and I forget the other two. Not my field of study. Still, I'm in a court case just now that mostly relates to events from decades ago, and I seem to be the only person who remembers anything, and I remember those past events too well if anything. Being able to forget, to wipe memory, must be as much of a blessing. I wish there was a Darik's Boot And Nuke for the mind, like Eternal Sunshine, but everyone seems intent on memory augmentation implants.
Re: Register Addict
"Linux is certainly becoming more and more tempting"
You kind of have to know both MS and a Unix variant if you want to call yourself a techie, and that's been true for thirty years. If you just know one in depth then you can call yourself a technologist, but 'techie' implies a 'jack of all trades' able to field any daft question from a newbie. You can block Win10 data-slurping if you know how to modify your router.
Can I test my Sherlock skillz out on you? Are you a British born and bred citizen but with a parent from the middle-east? Your hogmanay greeting seems mixed race. My Afghan, Iranian and Iraqi pals always wish me a 'successful and prosperous' New Year, whereas my inbred British pals never mention prosperous and stick solely to happiness. It's either that or you're more of a Trekker than a Whovian.
Who won the XKCD ticket?
Did the winning cartoon for the XKCD competition ever get published here? I'm still working on mine, it should be ready for the next time he releases a book.
Want to feel young? The Wii is only ten years old. It feels like my Mariokarts record has stood for far longer than that.
Re: Loaded guns
"I am starting to wonder if we need a Computer Operating License?"
Oh, they have that. They used to dole them out on the New Deal, and the recipient doley considered it superior to Microsoft or Cisco accreditation.