TalkTalk Ransom Demand

So, the head of TalkTalk (Dido Harding) has received a ransom demand following the latest hack? From a bunch of Islamist gangsters? I don’t think so. Okay, she probably received an email extortion attempt. Several in fact. It’d be form for Islamist gangsters to have a go, amongst the usual suspects. But the idea that whoever is behind the attacks also sent the ransom demand does not sound like the normal MO. It smells wrong to me. Extortion attempts of this kind generally follow a demonstration that the criminals can disrupt a web site, not a long-term outage.

I get the vibes that TalkTalk doesn’t know what happened, and take everything they say with a pinch of salt. The only certainty is that their web site was toppled. Data theft, or script kiddies? I suspect the latter, actually. They floated the possibility of widespread data theft, which is very responsible of them until it’s figured out what exactly happened. This is a possibility in any attack.

Meanwhile, people are now questioning whether the stolen data (if there was any) was encrypted, and if not, why not. On a live system, data can’t usefully be encrypted against whoever has compromised it. Think about it! This is allegedly a hack of a live system, so the criminals would have access to the same data that the live system would.

This whole story has been hyped up way beyond the facts. No one (including TalkTalk) wants to suggest it may be overblown for fear of being branded irresponsible by a technically illiterate news media and opportunistic politicians. But it smells all wrong to me. How much more embarrassing if it was actually script kiddies getting lucky, rather than the APT being hinted at.

Is Northolt Aerodrome Dangerous?

Biggin Hill, a rival airfield to Northolt chasing executive jet traffic for London, has got hold of a 2012 report that says Northolt doesn’t meet current CAA standards for obstacle clearance, especially at the east end of the runway. Northolt has been there for a hundred years, so shame on the local council for allowing this allegedly dangerous development to have taken place.

It wouldn’t be the only airfield to lose its CAA licence since new rules came in (e.g. Sandown and Bembridge on the IoW), but then again it’s a military/government field and is regulated by the MAA instead. The civil operators of Biggin Hill and Oxford reckon the CAA should take over regulation, and (presumably) shut their rival down. They would say that, wouldn’t they?

Of course, a cynic like me may wonder whether the value of a huge plot of land next to the A40 had a bearing on what interested parties have to say on the subject.

Safe Harbour Agreement on Data Sharing with Uncle Sam ruled unlawful

Causing trouble – Court of Justice of the European Union

The long-awaited ruling about whether the Safe Harbour agreement allowing free transfer of data concerning European citizens to the USA is valid under European Law has just been published. And it’s a doozie.

Basically a Safe Harbour agreement (note the use of the indefinite article here) means that you won’t be sent down the river for doing something that might otherwise be illegal. The specific Safe Harbour agreement in this case (2000/520/EC) says it’s okay for European data controllers to send whatever they like to the Americans because Uncle Sam is a good friend. This would otherwise be a no-no because you’d be giving up control over information that would otherwise be protected by European privacy laws.

This situation is currently being misrepresented in the popular press as being about Facebook (social media being their favourite subject after themselves); it’s not. It’s about all data. The case was brought by Austrian civil rights campaigner Max Schrems in the Irish courts to test the legality of Facebook doing just this, as a high-profile example. A lot of American companies like to base their data centres in Dublin because, up until now, the Irish courts have been quite relaxed about what goes on compared with certain other European governments. (And let’s not forget the tax breaks, and that Dublin is a nice place to be.)

Hanging over this is the shadow of Edward Snowden (yet again), raising public awareness and anxiety over government access to PII. The fact that this PII is already in the hands of the likes of Facebook, Amazon, Microsoft, Google and Twitter with the full knowledge of the subjects doesn’t seem to matter – it’s the principle of the thing!

Anyway, the ruling basically says that the original Safe Harbour decision is incompatible with European Law, and we can’t trust the Yankees to look after the data without further safeguards. Where this leaves American companies with European data centres remains to be seen.

People are very wrong about Jeremy Corbyn

I was speaking to a Conservative party activist of my acquaintance a couple of weeks ago. He was rubbing his hands with the thought of Jeremy Corbyn being the new front-runner to lead the Labour party. Listening to the commentary on Sky News this morning, it’s now being considered a foregone conclusion, with supporters of the other three candidates putting on a brave face and deflecting questions along the lines of “Will Labour ever be electable with Corbyn in charge?”

Early on in the campaign, Tony Blair put the problem rather well – if the public had rejected Ed Miliband’s Labour party because it was too left-wing, why would they prefer an even more left-wing party led by Corbyn?

They’re all missing the point (no surprise where Blair is concerned). Given the right circumstances the British public will definitely vote for a left-wing nut job with a deluded grasp of economics and a track record of courting publicity using international untouchables. London voted for Ken Livingstone. Twice. In spite of the consequences. Not because they approved of his policies (or even understood them), but because he was likeable, and because he was the person most likely to annoy the incumbent government in Westminster at the time.

Jeremy Corbyn has a very good chance of winning the Labour Leadership for the same reasons as Livingstone managed to cling on to power. Whilst I disagree with his economics, foreign policy and most of the other stuff he espouses, I get the feeling he’s a nice guy personally – I’d prefer to spend my time with him than any of his New Labour opponents.

Will this be enough to carry him to the job of Prime Minister in 2020? Flying in the face of the rest of the world, it seems, I have to say it’s possible. This is not a good thing. It might be fun, but the matter is too serious.

Labour’s enemies stuffing ballots with £3 votes should be very careful what they wish for.

The Future of Nominet (AGM report)

Nominet, the not-for-profit company that manages most of the .uk domain space, has been worrying me of late. It replaced a naming committee in 1996 as the volunteers that ran it started to become overwhelmed by the workload, and was set up to be self-sustaining by charging for domain name registrations. Based in Oxford, it now employs 140 people.

They’re worried. Anyone who wants a domain name pretty much has it – or it’s being sat on by a cybersquatter. Either way, Nominet’s getting the residual income from having registered it in the first place, and this is now fixed. Or worse, as the enthusiasm for registering names in the hope of making money from it later wanes, their income may fall as people unload their speculative “investments”.

As well as Nominet employees no longer being kept in the manner to which they’re accustomed, this presents a problem for those dealing in domain names commercially. Call them cybersquatters, domainers or parasites as you wish – domain dealers are making money out of buying and selling domain names. Their portfolio losing value as the bubble bursts could be problematic for them. With new top-level-domains now available, and the importance of a particular domain name falling, this is inevitable.

So, unsurprisingly, Nominet has been talking about expanding in other ways. At today’s AGM, new CEO Russell Haworth was talking about expanding into adjacent markets. What could this mean? As well as providing domain names, the obvious answer is hosting or other Internet services. Nominet members are going to have a problem with that: Nominet has a monopoly position issuing domain names and a big pile of cash, and no way would it be good for anyone if they started competing with UK Internet businesses.

I pushed Russell Haworth on his choice of words. “I have no intention of competing with the channel”, was the emphatic reply. He explicitly rejected the idea of hosting: “It’s not our core business and never will be. The margins are very tight anyway.” This will be a relief to the hosting companies, who know all about tough margins. He continued “I’d like to see us add value to the channel. For example, we sit on a lot of data. We can aggregate that data. There is an opportunity to look at big data. [and derive value from it]”.

Basically, the plan seems to be to analyse domain registration data and DNS traffic, and use it to target areas such as SMEs with a view to selling them something. Quite what they were selling wasn’t spelled out exactly, but domain name registrations seemed to be the only example.

It seems that the current thinking is to sell DNS products, which won’t compete with anyone much (apart from anyone selling DNS products). Why anyone should pay for DNS products is beyond me; but if you can’t manage your own DNS I suppose it’s possible for companies to outsource it. But I really don’t see this replacing the revenue stream as new domain name registration income stops rising.

Rob Golding from Astutium asked what many of us were thinking – what’s so wrong with the status quo? Why not stick with one revenue stream? Nominet isn’t supposed to be a business and has no need to expand; it’d be okay to contract. Unsurprisingly, Nominet’s view was similar to that of turkeys towards Christmas. “It would be foolish not to look at opportunities to diversify”. Speaking about the saturation of the .uk namespace and future projections, Haworth continued “It’s Darwinian – we’re not going to sit and watch things fall apart. If we see domains trending downwards, Nominet can add value to adjacent markets.”

This is an interesting situation, especially when you see who controls Nominet. Things are voted on, ultimately, by its members. This is weighted to the number of names they have registered. It’s pretty obvious that the large domain name registration businesses are going to have a far greater say than the majority of small members; those that represent the general Internet industry and general public. The big domain dealers will have millions of votes; a normal small ISP might have a few dozen. To counteract this, Nominet limits the votes of any one member to 3%, and has mechanisms in place to stop the big companies simply joining once and splitting their domain portfolios to get multiple 3% blocks. However, one still suspects that, although there appears to be no evidence that the domain dealers collude in their voting, they’re all going to have the same interests and will naturally vote together – this effectively steering Nominet towards policies that support their business model.

Unfortunately there’s no easy way around this. Even if it was one-member-one-vote, large organisations could swamp the membership with their friends. So what keeps Nominet working in the public interest? Ultimately, scrutiny. If it went too far, an outcry could get the Government involved.

It’s also hard to see what Nominet can do in other fields. Their charter requires them to engage only in worthy projects. But according to Haworth, “This doesn’t mean you can’t be commercial.” However, given that Nominet has a huge, secure revenue stream for investment, it clearly does have a commercial advantage over anyone else who has to raise funding through normal channels. We’ve heard this before – Bill Gates famously said that Microsoft was about making the world a better place. Whether that’s his personal philosophy or not, from a corporate perspective it has a hollow ring.

In the meantime, Nominet is intent on expanding its revenue streams. The supposed block votes of the domain dealers (all those 3%s added together) are going to limit Nominet’s ability to compete with them. 123-Reg is never going to allow Nominet to start hosting web sites and damage their own business. So what next? I, for one, will be keeping a close eye on it. I was very much heartened to see that was the general consensus of those present, including Trustees and the board.

Obama to end cyber-attacks

American president Barack Obama is so hacked off with cyber-attacks on US companies (and other interests) that he’s taken a step sure to send the perpetrators running for cover. In an executive order on the 1st of April, he created a new sanctions authority to have a go at anyone attacking the USA. In the statement announcing it he is quoted as saying “Cyber threats pose one of the most serious economic and national security challenges to the United States, and my administration is pursuing a comprehensive strategy to confront them”, describing it as a “national emergency”.

Basically it gives the US Treasury Department the power to freeze the assets of any hackers suspected of attacking the US, in much the same way as it brings peace to places like the Middle East and Ukraine. The criminals behind these attacks are no doubt quaking in their sneakers.

The decision to blame North Korea for the Sony attack told the world that the administration was getting tough, never mind the facts. And the Chinese, of course, deny state-sponsored naughtiness on an apparently daily basis.

The problem is, of course, that it’s somewhat difficult to actually figure out who’s behind an attack. Working out where an attack comes from is possible, but it’s usually from some hijacked computers used to obfuscate the origin. China and various other countries have a higher installed base of pirated software, which often comes with a built-in botnet, so of course attacks come from these places.

Initial opinion in the USA is divided between the law-makers, politicians and the non-technical cyber-security industry heralding it as the beginning of the end for international espionage gangs, and those of us who know how it works wondering if this is an April Fool.

One point I find intriguing, however, is whether this will have an effect on patent disputes. Apparently they’re worried about, and plan to apply these powers to, intellectual property theft. It seems to me that if some technology turned up in a competitor’s product and the American company went crying to the authorities they could have sanctions imposed on the foreign company, without any reasonable way of proving that any theft had taken place – or even who had it first. It could get messy.

Why Jeremy Clarkson Matters

Jeremy Clarkson must feature in the worst nightmares of the trendy liberals that run the BBC. He’s intelligent, articulate and hugely popular, but not politically correct. Whether he’s right or wrong in what he says doesn’t matter. From what I’ve heard of his TV appearances, he comes across shallow and missing the point 75% of the time. He’s written books and a column in the Sun “Newspaper”, which may turn out to pander less to the need to entertain; I don’t know because I can’t be bothered to read them.

I hear more about Mr Clarkson from the news media, where there appears to be a vendetta against him based on the notion that he says things which, while part of English society for over a century, are no longer politically correct. They’re lambasting him for treading on cracks in the pavement.

The latest row seems to be about him losing his temper after a stressful day’s filming. This isn’t a good thing, but it’s part of life. If he was a celebrity chef, such behaviour would be encouraged.

We should really be sparing a thought for the poor producer on the receiving end of the self-important star’s bad mood and abuse: Oisin Tymon. He appears to have taken the matter professionally, in his stride. He’s working in an industry containing celebrities with large egos placed in stressful situations, and from what little information there is in the public domain, it appears he’s taken the incident on the chin (literally, by some accounts) and just got on with it.

Unfortunately, it’s given Danny Cohen, the BBC Director of Television, the perfect excuse to over-react. Or so he seems to think. It’s clearly being used as an opportunity to silence a voice that doesn’t fit with their left-wing, liberal agenda. I’ve no problem with a left-wing agenda, as long as it’s balanced. The BBC is paid for by society as a whole, and has no business censoring someone who reflects the views of that society, whether they reflect their views or not.

Whether Mr Cohen is pandering to the views of his colleagues is something I can’t tell. There are calls for the wonder-boy of British Television to go instead of Clarkson. One thing’s for sure: there’s always Noreena sitting over the breakfast table to keep him on the one true path. Her published works leave no doubt as to her political and philosophical leanings.

As I believe in hearing all views from our “uniquely funded” state broadcaster, I have no choice but to take a stand in defence of the oaf. Guido Fawkes started a petition, and I notice it has almost reached a million supporters. Sign it here.

London Low Emissions Tax Grab on the Poor

The GLA has sprung a public consultation on us, trying to get us to agree to a tax on horrible polluting vehicles to improve the air quality in central London. It’s the kind of thing that gives environmentalists a bad name – a money grab in the guise of a clean-up.

The idea is that vehicles that don’t meet current emission standards, decided by age, will be clobbered with an additional £12 on top of the congestion tax for driving through London. Who’s it going to hit? Not the commercial users (generally speaking) as their vehicle fleets are going to be fairly modern. And not the Chelsea Tractors – they’re too new. It’s going to affect the people least able to afford it – those with an older family car that they keep going rather than scrapping because either they can’t afford a shiny new one, or simply think the conspicuous consumption of the new car market is immoral.

The consultation has some interesting, but cooked, figures for the source of the problem. Even then it doesn’t stack up. A proper survey of pollutants, like this one, is even more revealing.

First off, half of some pollutants come from brake, tyre and road surface wear. Taxing older vehicles isn’t going to change that – it’s got nothing to do with the engine. Then about a third comes from burning gas, and most of that is commercial use. The GLA doesn’t mention this!

Then we get to the breakdown from vehicle NO2 emissions. The (current, measured) figures show that:

35% comes from lorries (articulated or rigid)
28% is from buses and coaches
21% is from taxis
16% is from cars and motorbikes

Of the last figure, 90% of that is likely to be from diesel cars and 10% petrol cars.

Hmm. So which type of vehicle is going to be caught by the tax the most – probably the older cars, and these will probably be petrol (most cars are). Yet they’re responsible for only 2% of the problem.

Okay, if the GLA wishes to slap a £100 charge on coaches and lorries, this will work – it will hasten the replacement of ageing clapped-out diesel engines which will have done enough miles by the time this is introduced in 2020. People with older cars simply don’t operate this way. They’ll just have to pay up, proving this is just a money generating exercise.

If the GLA was serious about reducing emissions, they should go for the low-hanging fruit – banning diesel taxis and making them go electric would save 21% at a stroke. And the same with the LRT buses (possibly not coaches). And the beauty of this system is that it won’t cost very much to run.

LGVs (big lorries) are more of a problem. They’re probably not going to head through central London unless they really have to, and the technology doesn’t exist (yet) to replace them. Emissions from these have already been reduced, but they still produce most of the problem. And they’re not going to be taxed, because they meet modern standards. It needs some investment in clever solutions.

The plan appears to be to raise this by taxing the low-income or occasional motorist (i.e. anyone with an older car). That’s not right. If you agree, and want to have your say, click here.

Sony and Microsoft games network hack

Both the Sony and Microsoft games network servers have been badly disrupted since Christmas day. The cyber vandals Lizard Squad have admitted responsibility.

This outage has nothing to do with millions of new games consoles being unwrapped and connected at the same time. Oh dear me no. Their network servers would have taken the huge spike in workload in their stride. This is definitely something to blame on those awful hactivists, and any suggestion that it was teetering on the brink and all it needed was a little push is a foul slur on the competence of Microsoft and Sony.

The extent to which Lizard Squad was involved may be in question, but major respect for the expert way they’ve played the media. Again.

Sony Hack – whodunnit?

Details are starting to emerge about how Sony was compromised. Sagie Dulce from Imperva reckons he’s seen the Destover back-door software used before, in Saudi Arabia in 2012 and then again in the 2013 Dark Seoul attack.

A few days ago Jaime Blasco of AlienVault Labs sent me a note about malware samples he’s got hold of, with the following comment:

“From the samples we obtained, we can say the attackers knew the internal network from Sony since the malware samples contain hardcoded names of servers inside Sony’s network and even credentials – usernames and passwords – that the malware uses to connect to systems inside the network. The malware was used to communicate with IP addresses in Europe and Asia, which is common for hackers trying to obscure their location. The hackers who compiled the malware used the Korean language on their systems.”

I’ve had other reports that the malware was compiled using a Korean language development environment. This means nothing to me – a lot of these generic malware kits are.

To me, this is looking more and more like the work of the usual suspects. An inside job – not a sudden and spontaneous lashing out by the North Koreans. This kind of attack requires time to put together.