Category Archives: Big Data

Building A Global Nation State SMB Exploit Honeypot Infrastructure With A £50 Budget #EternalPot

Note to post: All words, IP ownership, analysis, opinions, data, graphs et al are the property of Kevin Beaumont and where altered and extracted are done so remaining true to the original meaning / assertions. From and article by “Kevin Beaumont InfoSec, from the trenches of reality. Email kevin.beaumont@gmail.com | Twitter: @gossithedog on Twitter” titled “EternalPot — Lessons from building a global Nation State SMB exploit honeypot infrastructure” athttps://doublepulsar.com/eternalpot-lessons-from-building-a-global-nation-state-smb-exploit-honeypot-infrastructure-3f2a0b064ffe

Worthy of note before beginning to read this beauty – Mr. Beaumont predicted that this would happen back in April 2017:

Now over to the expert ….

Extracts BEGIN (again full original article here

A week ago I started building #EternalPot, a honeypot for the Equation Group SMB exploits leaked by the Shadow Brokers last month.” (May 2017) – “My entire budget for one of this is £50, as I self fund all my InfoSec research — I work for a company that makes crab paste, so everything is done outside of work, on my own time. I highly recommend working InfoSec for a company where the CapEx tap is turned off temporarily, by the way, as you’ll find out how skilled your workforce are and you’ll get back to the most important part of InfoSec: the basics. Build simple solutions, always…..

.

.

There has been a lot of vendor and press coverage of WannaCry which has been inaccurate. Despite what has been said, WannaCry was not spread via phishing or email — in fact, it was an SMB worm. Seeing a constant stream of misinformation from InfoSec vendors still around this has been depressing — it still continues to this day, long since the major players and initial victims walked back the email line…..

.

.

The EternalPot data has shown advanced attacks, multiple coin miners, remote access trojans and lateral movement attempts into corporate networks — all via the Windows SMBv1 service. One of the exploits — EternalBlue — was used by the WannaCry ransomware spreader…..

.

.

As you can see pre-WannaCry (refer to diagram in article and below), these SMB attacks were almost non-existent. It’s an SMB worm like the ones from the prior decade. Another angle to the press coverage was Windows XP being impacted — in fact, an entire weekend of UK mainstream media and political commentary ran about this. While SMBv1 has serious issues on Windows XP and 2003 (and on later OSes!) and should be patched and firewalled (aka disabled), the reality was the WannaCry spreader didn’t work on Windows XP SP3…..

SM

.

.

All the WannaCry samples seen so far — thousands delivered in real world honeypots — have two factors:

  1. They are one of two corrupt versions, where they spread but fail to execute ransomware as the PE headers are corrupt.
  2. They contain working killswitches.

If you’re pondering why WannaCry seemed to disappear almost completely, here we are. The authors simply disappeared. The Tor payment pages don’t even exist now. We owe MalwareTech more than pizza…..

.

.

Another angle to the press coverage was Windows XP being impacted — in fact, an entire weekend of UK mainstream media and political commentary ran about this. While SMBv1 has serious issues on Windows XP and 2003 (and on later OSes!) and should be patched and firewalled (aka disabled), the reality was the WannaCry spreader didn’t work on Windows XP SP3. Here’s Kaspersky’s graph of infected operating systems…..

W

.

.

One thing I will say — I don’t want to name the vendors, but some of the biggest next-generation security productssimply aren’t detecting SMB attacks nearly well enough. Malware regularly infects these systems, and they have to be reimaged as a result. It is amazing seeing next gen, premium tools with machine learning etc running Coin Miners andremote access trojans delivered via old exploits, with the tools not even noticing. It has been very eye opening for me. The marketing to reality Venn diagram here isn’t so Venn. At times it is so bad it is actually jaw dropping seeing certain attacks not being detected…..

Extracts END (again full original article here

ENDS

Does Legislation Stifle Innovation?

(From an article originally published in July 2017 on my peerlyst blog)

Does legislation stifle innovation? No. Why? Because it legislates in “catch up mode” mostly and on those rare occasions when the legislators do see something coming in advance (examples? I don’t have any actually) – then they fail to implement the legislation or put in place checks and balances to monitor compliance.

Legislators are better at legislating for the abuse of data – the IP Act in the UK – in favour of mass surveillance and warrantless omnipresent spying and eavesdropping. It’s a catch all bucket – much easier than putting your back into it and figuring it out with Privacy, Civil Liberty and Human Rights in mind.

Legislators are looking to heavily regulate IoT. One wonders what their approach will be since they have failed or chose to ignore (more likely), it would appear, to legislate and police the most basic elements of Data Protection despite some of the first statutes being enacted (in Europe) as far back as 1986.

Now we have the kerfuffle of the NIS Directive (compelling member states to “be appropriately equipped, e.g. via a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority” – another agency just when we thought that the ones that we had were as bad as the disjointed un-joined up implementation of policy could get) and GDPR (which contains the bizarrely general statement in Clause 4 that “The processing of personal data should be designed to serve mankind”) – good luck implementing that.

Data Protection legislation for much of the intervening period was “lip-service” and PR driven. The DATA PROTECTION ACT, 1988 was publicised by the Irish government as an innovative “first of its kind” legislation that would set the Republic of Ireland apart and create a “privacy regulated” USP for RoI as an FDI (foreign direct investment) destination.

The IDA boasts on their website “We favour green lights over red tape, which is why we are one of the best countries in the world for ease of doing business (Forbes). New business is welcomed and supported by the flow of talent coming from our schools, universities and abroad, to work for high-performing companies across a range of cutting-edge sectors.”

What this really means is that regulation in Ireland with respect to Data Protection and Central Bank governance (both having a direct impact on the operations of the likes of EU headquartered tech giants based in Ireland – Google, eBay,Facebook, Twitter, HubSpot etc … pick a name – they are based in Ireland somewhere) was all about accommodating whatever these firms asked for, with scant or little regard to what the privacy protections in the legislation actually dictated in terms of consumer / end user protection.

Put the following statement in front of your local Data Protection commission and ask them to respond with respect to their view on the best way to protect the consumer while enabling innovation – prepare for an answer characterised by vanilla, non-committal prose peppered with out of context TLA’s.

“Dear Data Protection Commissioner, How Does Your Office Propose To Balance Classically-Conceived Privacy Concepts In Light Of The Business Imperative Of Providing The End User With Contextual Richness?”

The Office of the Data Protection Commission and the Central Bank of Ireland are widely regarded as complicit in the wholesale abuse of the data protection, privacy and tax obligations of tech companies operating in the country.

Understaffed, under-skilled and under-whelming, these outfits have presided over some of the most spectacular breaches of these obligations.

Now, they seek to add to their NP-Complete task and their ever expanding skills gap – the area of IoT regulation.

They will be tasked with creating law to govern how companies should implement security protocols and data protection measures to control the people who use the information generated by IoT (or those who seek to illegally acquire it) and the application of Big Data, IoT, AI, data analytics, and machine learning.

I have no faith that Ireland or Europe will stay on the edge of the curve of innovation in order to regulate its expansion in a controlled and understood manner. But I could be wrong. Do you think that I am wrong? I would love to hear counter arguments to my usual cynical stance on these issues.

ENDS

Post-truth, Fake-news and Big Data – Killing In The Name Of

In spite of the best efforts of Big Data acolytes to paint Big Data sceptics as Luddites (and, I have nothing against Luddites per se), the argument is babble, since the aged, brute-force and relatively unsophisticated approach to list creation and counting, isn’t that new and isn’t that smart and in many cases it certainly isn’t as uniquely cost-effective as it is touted to be either.

Moreover, it doesn’t even replace anyone with a machine – it just takes up time, money and patience – and worst of all, deflects attention away from more important initiatives and issues. So, no. Nothing to do with Luddites at all.

Nothing to do with ignorance of Big Data, nothing to do with clinging to the past, and, nothing to do with a refusal to embrace the new. It’s about pointing out amazing Big Data success stories that don’t deliver on their promise. It’s about calling bullshit on bullshit and the bombastic clowns who spread it.

Now, if there’s a cost-benefit advantage to be had, and the answer is Big Data technology, then one would simply use it. Naturally.

Source: Post-truth, Fake-news and Big Data

Is Kosinski “Tesla” to Nix’s “Marconi” for Big Data Psychographic Profiling?

Data Driven Democracy Where Opinions, Policies or Convictions Don’t Matter Just The Targeted Message on Facebook Dark Posts.

Cambridge Analytica (Steve Bannon, Board Member) owned by SCL (Strategic Communication Laboratories) – the self styled “premier election management agency” – and how they “helped” Trump, Farage, Brexit, Cruz, Ukraine, Nigeria, Nepal & Afghanistan influence outcomes using data modelling and psychographic profiling.

I HAD never heard of Mr. Kosinski until I read an article in Motherboard last week. The incredibly interesting read entitled The Data That Turned the World Upside Down was written by Hannes Grassegger and Mikael Krogerus who work for Das Magazin with additional research by Paul-Olivier Dehaye.

It discusses a series of intersections between the work of Mr. Kosinski, a vaguely sinister guy called Alexander James Ashburner Nix, CEO of Cambridge Analytica (board member Steve “Ahem” Bannon) and a seemingly innocuous chap called (in 2014) Aleksandr Kogan (now quite unbelievable known as Dr. Spectre (seriously)) with associations to a definitely sinister company called SCL, or Strategic Communication Laboratories who describe themselves as “the premier election management agency”.

The main points are this, but I strongly recommend that you read the original article:

  1. Kosinski and fellow student David Stillwell use data from a Facebook application called MyPersonality, that Stilwell developed in 2007, to create models from “personality profile” data acquired from users who opt-in to share their app answers with researchers. Kosinski and Stillwell are both doctoral candidates studying together in Cambridge University at the Psychometrics Centre;
  2. The MyPersonality app is an unexpected hit with millions of people submitting answers;
  3. They find that remarkably reliable deductions could be drawn from simple online actions. For example, men who “liked” the cosmetics brand MAC were slightly more likely to be gay; one of the best indicators for heterosexuality was “liking” Wu-Tang Clan. Followers of Lady Gaga were most probably extroverts, while those who “liked” philosophy tended to be introverts;
  4. In 2012, Kosinski proved that on the basis of an average of 68 Facebook “likes” by a user, it was possible to predict their skin color (with 95 percent accuracy), their sexual orientation (88 percent accuracy), and their affiliation to the Democratic or Republican party (85 percent);
  5. Kosinski continued to work on the models before long, he was able to evaluate a person better than the average work colleague, merely on the basis of ten Facebook “likes.” Seventy “likes” were enough to outdo what a person’s friends knew, 150 what their parents knew, and 300 “likes” what their partner knew. More “likes” could even surpass what a person thought they knew about themselves;
  6. On the day that Kosinski published these findings, he received two phone calls. The threat of a lawsuit and a job offer. Both from Facebook;
  7. Around this time, in early 2014, Kosinski was approached by a young assistant professor in the psychology department called Aleksandr Kogan. He said he was inquiring on behalf of a company that was interested in Kosinski’s method, and wanted to access the MyPersonality database. Kogan wasn’t at liberty to reveal for what purpose; he was bound to secrecy;
  8. Kogan revealed the name of the company he was representing: SCL, or Strategic Communication Laboratories;
  9. Kosinski came to suspect that Kogan and a company that he had formed might have reproduced the Facebook “Likes”-based Big Five measurement tool in order to sell it to this election-influencing firm;
  10. Cambridge Analytica subsequently acted for Farage in the Brexit campaign and Republican Ted Cruz then they were hired by Trump;
  11. Cambridge Analytica buys personal data from a range of different sources, like land registries, automotive data, shopping data, bonus cards, club memberships, what magazines you read, what churches you attend. Nix displays the logos of globally active data brokers like Acxiom and Experian—in the US, almost all personal data is for sale. For example, if you want to know where Jewish women live, you can simply buy this information, phone numbers included. Now Cambridge Analytica aggregates this data with the electoral rolls of the Republican party and online data and calculates a Big Five personality profile. Digital footprints suddenly become real people with fears, needs, interests, and residential addresses;
  12. Trump’s striking inconsistencies, his much-criticized fickleness, and the resulting array of contradictory messages, suddenly turned out to be his great asset: a different message for every voter. The notion that Trump acted like a perfectly opportunistic algorithm following audience reactions is something the mathematician Cathy O’Neil observed in August 2016;
  13. Why did he behave like this?;
  14. “Pretty much every message that Trump put out was data-driven,” Alexander Nix remembers. On the day of the third presidential debate between Trump and Clinton, Trump’s team tested 175,000 different ad variations for his arguments, in order to find the right versions above all via Facebook. The messages differed for the most part only in microscopic details, in order to target the recipients in the optimal psychological way: different headings, colors, captions, with a photo or video. This fine-tuning reaches all the way down to the smallest groups, Nix explained in an interview with us. “We can address villages or apartment blocks in a targeted way. Even individuals.”;
  15. When did having an opinion or a conviction matter in a “data driven” democracy – it certainly did not seem to matter to Trump;
  16. In the Miami district of Little Haiti, for instance, Trump’s campaign provided inhabitants with news about the failure of the Clinton Foundation following the earthquake in Haiti, in order to keep them from voting for Hillary Clinton. This was one of the goals: to keep potential Clinton voters (which include wavering left-wingers, African-Americans, and young women) away from the ballot box, to “suppress” their vote, as one senior campaign official told Bloomberg in the weeks before the election. These “dark posts” – sponsored news-feed-style ads in Facebook timelines that can only be seen by users with specific profiles – seem to have been highly significant in Trump’s election;
  17. In a statement after the German publication of this article, a Cambridge Analytica spokesperson said, “Cambridge Analytica does not use data from Facebook. It has had no dealings with Dr. Michal Kosinski. It does not subcontract research. It does not use the same methodology. Psychographics was hardly used at all. Cambridge Analytica did not engage in efforts to discourage any Americans from casting their vote in the presidential election. Its efforts were solely directed towards increasing the number of voters in the election.”;
  18. Confusingly the Cambridge Analytica website states “Powered by smarter data modeling At Cambridge Analytica we use data modeling and psychographic profiling to grow audiences, identify key influencers, and connect with people in ways that move them to action. Our unique data sets and unparalleled modeling techniques help organizations across America build better relationships with their target audience across all media platforms.”

ENDS

Mass Surveillance & The Oxford Comma Analogy

Acknowledgments, Contributions & References: This blog post was written in collaboration with and using contributions from Mr. Dean Webb (find Dean’s profile on PeerLyst). The clever and insightful bits are all Dean, the space fillers and punctuation are mine – except the “Oxford Comma” analogy, which even though it is lifted from @Grammarly on Twitter, is mine – and I like it (a lot). Enjoy.

Who Do We Like, Who Do We Dislike (Today)

Wearable tech is on its way, for surveillance during times when one is away from the vidscreen. But we need this stuff in order to protect against Eurasia. We have always been at war with Eurasia. We will always be at war with Eurasia until 20 January, at noon. Then we will always have been at war with Eastasia. And then we will need all this stuff to protect against Eastasia.

On a more serious note, anonymity has been dead for quite some time. As an example, about 10 years ago Dean Webb was running a web forum for students involved in an academic competition.

He and other teachers had volunteered to be admins for the board. They had a student that began to harass others on the board and post some highly inappropriate material. They banned his account, and he would connect again with another account.

So, Dean took down the IP addresses he’d used for his accounts and did a quick lookup on their ownership. They were at a certain university, so he contacted that university with the information and the times of access and they were able to determine which student was involved.

He was told to stop posting, or face discipline at the university. That got him to stop.

Simple Methods, Complex Implications

The point is, that IP address and timestamp for most people is going to be what gets them in the end. They don’t know what a VPN is from a hole in the ground, let alone what a TOR node is.

At best, most of them will use a browser in anonymous / incognito mode, without realising that cookies are still retained and updated, credit card transactions remain on the record, and ISPs will still retain IP address information with timestamps.

It could be argued that a Layer 2 hijacking of someone else’s line is the way to go anonymously, but that involves a physical alteration of someone’s gear, and that means physical evidence, which is very difficult to erase completely.

Even if anonymity is not completely dead (mostly dead, perhaps?), it is certainly outside the reach of most people because they lack general IT knowledge about the basics of the Internet.

I (Graham) was met with the following comment when I posted a tweet some time before Xmas 2016 about Identity Theft:

“despite the hysteria the theft of most peoples personal information is / will be inconsequential”

The use of the word “inconsequential” by the commenter on my post reminded me of the hilarious Doctor Evil therapy session monologue in the Austin Powers movie when Doctor Evil stated, when asked about his life, that “the details of my life are quite inconsequential”. But 60 seconds of monologue later it was quite clear that they were far from “inconsequential” – it is a matter of perspective as to what is and what is not. That is the problem. And that is the potential worry.

Threat Awareness & Counter Measures

The vast majority of people and their browsing habits are innocuous. The point though that the comment misses and which is the point that Dean makes in his comments about the average John Q. Citizen’s awareness of the threats and the countermeasures available is that the public in general has moved their private communications on to a platform where they do not understand the implications of the ability of externals to eavesdrop or to store and reference data at a future point.

There was a blog post I (Graham) made some time ago about the risk of “profiling” and of “false positives” and the threat that they posed especially with respect to miscarriages of justice. (See “The Sword of Islam” story below)

The point is not whether “the theft of most peoples personal information is / will be inconsequential” or the storage of most peoples browsing history or contacts with other parties is / will be inconsequential or not – the point is that it can be made to look very different to what was actually happening originally.

Like a misquoted partial comment in a newspaper article – actions taken out of context can look very different.

The Oxford Comma Analogy

Recently I posted a tweet about the Oxford comma and it does indirectly inform the point that I am trying to make here:

Excerpt begins from Grammarly

“Unless you’re writing for a particular publication or drafting an essay for school, whether or not you use the Oxford comma is generally up to you. However, omitting it can sometimes cause some strange misunderstandings.

“I love my parents, Lady Gaga and Humpty Dumpty.”

Without the Oxford comma, the sentence above could be interpreted as stating that you love your parents, and your parents are Lady Gaga and Humpty Dumpty. Here’s the same sentence with the Oxford comma:

“I love my parents, Lady Gaga, and Humpty Dumpty.”

Those who oppose the Oxford comma argue that rephrasing an already unclear sentence can solve the same problems that using the Oxford comma does. For example:

“I love my parents, Lady Gaga and Humpty Dumpty.”

could be rewritten as:

“I love Lady Gaga, Humpty Dumpty and my parents.”

Excerpt Ends

The analogy serves to demonstrate one of the main concerns of mass surveillance and mass retention of user data. People are now being profiled and tracked and their behaviours stored and analysed and they do not know why or by whom or for what purpose – they barely understand how to use a browser.

In the wrong hands that potentially makes them cannon fodder. Accuse me of being alarmist and dramatic – fair enough – so did everyone four years ago when I wrote about mass immigration as a weapon, the rise of radical Islam and the dangers of the USA supporting a sectarian Shi’a government in Baghdad, the marginalisation of Sunnis and the Ba’ath party, the randomness of the Arab Spring, the threat of Libya turning into a terrorist haven and so on.

The point is people ignore these developments at their peril but you may as well be talking to a concrete block. You can make all the compelling philosophical points that you like to someone but if they do not have the capacity to understand them then you are wasting your time.

And most of our politicians fall into that category.

Mass Profiling, Mass Surveillance Will Be Inconsequential Until It Isn’t

Dean once met a man named Saifal Islam. He has a devil of a time getting on an airplane because a terror group has the same name – “Sword of Islam”.

He is constantly explaining that the man (him) isn’t the group (them) and that he’s had his name longer than they’ve had theirs. That, yes, the group (them) should be banned from getting on airplanes, but that, no, the man (him) should be allowed on the plane.

Hell of a false positive, and that’s not the only one. Mismatches on felon voting lists, warrants served to the wrong address for no-knock police invasions, people told that they can’t renew driver’s licenses because they’re dead, the list goes on.

Be happy in the knowledge though that your data is apparently “inconsequential” and this privacy debate and the growing intrusion on your personal life is all “hysterical” alarmism.

You can use that statement when you are in the dock defending your very own hysterical “false positive” – no charge.

The next post will be “KarmaWare & Thieves of Thoughts” again in collaboration with Mr. Dean Webb.

ENDS

Official Government Response to “Repeal the new Surveillance Laws (Investigatory Powers Act)” Petition

Dear Graham Penrose,

The Government has responded to the petition you signed – “Repeal the new Surveillance laws (Investigatory Powers Act)”.

Government responded:

The Investigatory Powers Act dramatically increases transparency around the use of investigatory powers. It protects both privacy and security and underwent unprecedented scrutiny before becoming law.

The Government is clear that, at a time of heightened security threat, it is essential our law enforcement, security and intelligence services have the powers they need to keep people safe.

The Investigatory Powers Act transforms the law relating to the use and oversight of Investigatory powers. It strengthens safeguards and introduces world-leading oversight arrangements.

The Act does three key things. First, it brings together powers already available to law enforcement and the security and intelligence agencies to obtain communications and data about communications. It makes these powers – and the safeguards that apply to them – clear and understandable.

Second, it radically overhauls the way these powers are authorised and overseen. It introduces a ‘double-lock’ for the most intrusive powers, including interception and all of the bulk capabilities, so warrants require the approval of a Judicial Commissioner. And it creates a powerful new Investigatory Powers Commissioner to oversee how these powers are used.

Third, it ensures powers are fit for the digital age. The Act makes a single new provision for the retention of internet connection records in order for law enforcement to identify the communications service to which a device has connected. This will restore capabilities that have been lost as a result of changes in the way people communicate.

Public scrutiny

The Bill was subject to unprecedented scrutiny prior to and during its passage.

The Bill responded to three independent reports: by David Anderson QC, the Independent Reviewer of Terrorism Legislation; by the Royal United Services Institute’s Independent Surveillance Review Panel; and by the Intelligence and Security Committee of Parliament. All three of those authoritative independent reports agreed a new law was needed.

The Government responded to the recommendations of those reports in the form of a draft Bill, published in November 2015. That draft Bill was submitted for pre-legislative scrutiny by a Joint Committee of both Houses of Parliament. The Intelligence and Security Committee and the House of Commons Science and Technology Committee conducted parallel scrutiny. Between them, those Committees received over 1,500 pages of written submissions and heard oral evidence from the Government, industry, civil liberties groups and many others. The recommendations made by those Committees informed changes to the Bill and the publication of further supporting material.

A revised Bill was introduced in the House of Commons on 1 March, and completed its passage on 16 November, meeting the timetable for legislation set by Parliament during the passage of the Data Retention and Investigatory Powers Act 2014. Over 1,700 amendments to the Bill were tabled and debated during this time.

The Government has adopted an open and consultative approach throughout the passage of this legislation, tabling or accepting a significant number of amendments in both Houses of Parliament in order to improve transparency and strengthen privacy protections. These included enhanced protections for trade unions and journalistic and legally privileged material, and the introduction of a threshold to ensure internet connection records cannot be used to investigate minor crimes.

Privacy and Oversight

The Government has placed privacy at the heart of the Investigatory Powers Act. The Act makes clear the extent to which investigatory powers may be used and the strict safeguards that apply in order to maintain privacy.

A new overarching ‘privacy clause’ was added to make absolutely clear that the protection of privacy is at the heart of this legislation. This privacy clause ensures that in each and every case a public authority must consider whether less intrusive means could be used, and must have regard to human rights and the particular sensitivity of certain information. The powers can only be exercised when it is necessary and proportionate to do so, and the Act includes tough sanctions – including the creation of new criminal offences – for those misusing the powers.
The safeguards in this Act reflect the UK’s international reputation for protecting human rights. The unprecedented transparency and the new safeguards – including the ‘double lock’ for the most sensitive powers – set an international benchmark for how the law can protect both privacy and security.

Home Office

Click this link to view the response online:

https://petition.parliament.uk/petitions/173199?reveal_response=yes

This petition has over 100,000 signatures. The Petitions Committee will consider it for a debate. They can also gather further evidence and press the government for action.

The Committee is made up of 11 MPs, from political parties in government and in opposition. It is entirely independent of the Government. Find out more about the Committee: https://petition.parliament.uk/help#petitions-committee

Thanks,
The Petitions Team
UK Government and Parliament

Ireland is NOT a Privacy Advocate

If Microsoft vs FBI required Ireland to publish the personal details of every facebook user in plain text on the front pages of the Sunday newspapers – then that is what would have happened. The view that Ireland is a Privacy ADVOCATE for the world whose lives are described on social media sites whose data is located in the Irish jurisdiction is a total myth. It is also a myth to believe that the Office of the data protection Commissioner in Ireland is a champion for Privacy rights with respect to the data held in the Irish jurisdiction by US multinationals.

Ireland Inc. For Sale To The Highest Bidder

Much like the bizarre appeal on behalf of apple‍ by the Irish government‍ with respect to EUR€13B of unpaid taxes as a result of the Irish FDI arrangement of convenience similarly the will or the expertise or the correct political pressure simply does not exist in the Office of the Data Protection Commissioner‍ to deal with the issues for which they are allegedly champions.

They simply play whichever tune the prevailing opinion of the relevant US corporation requires – that is where the political pressure versus the “correct political pressure” plays its part in this process. They are TOLD not to rock the boat or disagree with the stance required by the US multinationals.

Ms. Helen Dixon’s Professional Pedigree

Helen Dixon is the current data protection Commissioner in Ireland and previously was the Registrar of Companies at The Companies registration Office in Ireland. If I am one of two Directors of a Limited Company in the Rep. of Ireland and if I was in dispute with my fellow Director then I can very simply resign my fellow Director by forgery and appoint another in their stead.

I can issue what is called a B10 form, forge my fellow Directors signature and resign them from the company without being questioned. At the CRO signatures are not validated via the process that one often sees at financial institutions – comparing signatures against samples on file.

If my former fellow Director chose to appeal my forgery they will likely fail as the system is not designed for oversight. I can vouch for at least 50 cases where I know this to be true.

That is the level of oversight that Ms. Dixon presided over in that organisation. It is ironic that Ms. Dixon has now graduated to being the Data Protection tsar in Ireland coming from several years at the CRO where she utterly failed to implement proper rigour with respect to authenticating documents and verifying the veracity of submissions.

Perception of Ireland’s Financial & Data Protections Policies amongst EU Member States

In 2015 Dixon noted the negative comments she had been met with at various privacy events throughout the world since she came to the job as Data protection Commissioner. At one event, there was a view of Ireland that it sought to attract the big software multinationals with “questionable tax incentives” and that her office retained those jobs by “softly regulating them in data protection terms”. Seehttp://www.irishtimes.com/news/social-affairs/data-protection-commissioner-to-recruit-new-staff-1.2057948

Ireland & GCHQ

Have you heard of the new API exchange‍ arrangement (Advanced Passenger Information‍) that Ireland has with the united Kingdom – just in case you are visiting there soon. If not seehttp://www.independent.ie/world-news/europe/ireland-and-uk-to-share-all-passenger-data-within-weeks-34571665.html In March of this year speaking in brussels at an extraordinary meeting of the EU’sJustice and Home Affairs Committee‍, Frances Fitzgerald the Irish Justice Minister said she was finalising a statutory instrument‍ which will provide the legal basis through which Irish-based airlines and ferry companies can provide the UK authorities with API data‍.

GCHQ, the NSA & The Five Eyes

That’s GCHQ to you and I – an outfit so replete with uninhibited authority‍ to probe peoples lives that even the NSA had to send the PRISM data to them at GCHQ to process and access via the XKEYSCOREsystem as the outrageously intrusive patriot act still did not allow them the same powers compared to what GCHQ can do. And the Irish are sharing data with these guys at levels that would make your head spin. This public announcement in March 2016 re API data is just the tip of the iceberg.

How bout them apples 🙂 Irish and privacy advocacy – don’t make me laugh. Oops I am already.