
Thursday, 21 December 2023

Happy Holidays

We're close to #Christmas!

We are all a little kinder!

Like every year, I should warn you not to fall for scams, fake fundraisers and things like that.

But this year I have decided to make a change!

For #Christmas and #NewYear, stop falling for #scams by strangers.

Stop #donating to people you have never heard of who come with sob stories!

Stop #believing in bogus organizations!

Stop letting yourself be #fooled by people you do not know!

This year, let yourself be fooled by someone you know!

Let me fool you!

I promise I will spend everything on my own selfish ends.

"Free offering" (<– just so I don't have to pay taxes on it), minimum 30 euros.

In exchange you will receive, by email, an authentic "denghiu card" (thank-you card) made with a dubious free Word template, and you will be added to my personal list of potential scam victims.

#quellascemenzadellasera #rant #fridayrant #buonnatale #buonanno #buonefeste #quellidelfascicolop #happyholydays

Tuesday, 20 December 2022

Christmas, New Year, Epiphany, and the scam takes them all away.

We are in the holiday season again, and once again we find ourselves having to repeat, as every year, the same things.

Anyone who, like me, works in information security knows that nothing pays better than leveraging feelings to extort data, money, or both from people.

And the holidays, like disasters, are a fantastic moment to exploit people's perception and feelings for profit.

Unfortunately the phenomenon not only does not shrink, it takes on new guises and new forms every year, moving across social media, email, websites and online advertising.

To cover my share of service to civil society, here is a simple, IT-person-proof ten-point list to help you protect yourself from the pitfalls of the holidays.

1. Free gift cards: budgets get tight when buying gifts for loved ones, so any financial relief is welcome. However, you may come across emails or pop-up ads offering free gift cards. Be wary of these tempting opportunities: they are often a ploy to harvest your personal information, which can later be used to steal your identity.

2. Social media gift exchanges: you are invited via social media to join a gift exchange that looks harmless and fun. Why shouldn't it be? Buy a $10 gift for a stranger and you will receive up to 36 gifts back! In reality it is a hoax with the same premise as a pyramid scheme, relying on the constant recruitment of new participants. Better to politely decline any invitation to join.

3. Holiday jobs: it is not unusual for people to want to make some extra money with a seasonal job. Just watch out for job scams, especially since retailers and delivery services often need extra help during the holidays. Be wary of solicitations asking you to share personal information online or to pay for a job lead.

4. Puppy scams: pets make great gifts, but there is a lot to consider first. If you decide it is the right choice, be careful about adopting a pet online. You may end up with a different dog, or with nothing at all. Fake pet sellers can lure you into thinking you are getting a four-legged friend, only to take your money and never deliver.

5. Romance scams: if that "special" person you met online quickly becomes interested but is in trouble and asks for money, keep your guard up. Scammers can pose as someone you have developed a romantic interest in, with the intention of exploiting your emotions for their own gain. Protect your heart and your wallet!

6. Travel scams: whether you are travelling to celebrate the holidays with loved ones or looking for a warmer climate, holiday travel can be expensive. Online bargains for better deals can be tempting, so make sure the offers are legitimate.

7. Fake websites: online shopping is convenient, especially when trying to avoid the holiday rush. When shopping online, make sure you only use legitimate websites. Scammers use URLs very similar to those of legitimate sites. Always check the URL before making a purchase, and be wary of sites where the brand name is embedded in a longer URL: the brand is in the hostname, but the domain actually registered belongs to someone else.

8. Pickpockets: while most scammers tend to focus their efforts online these days, pickpocketing still happens. Remember to safeguard your belongings while shopping, especially in crowded areas. However flustered you may be, never leave your things unattended.

9. Counterfeit gifts: when luxury goods and other expensive items are offered at a bargain price or with questionable provenance, they are probably counterfeit. You rarely get the same quality as the original and, in some cases, the money funds illegal activities such as drug trafficking and child labour.

10. Malware emails: don't be quick to click! Clicking the wrong link or downloading a scammer's attachment can spread malware on your computer. This malicious software can steal personal information or even hold your device hostage unless you pay up (ransomware). Links and attachments can arrive as emails or as pop-up ads.
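As an added example (not code from the original post), here is a small Python check for point 7 that pulls the registrable domain out of a hostname and flags a URL whose host contains a known brand name while the domain actually registered belongs to someone else, plus a few other signals worth a second look (raw IP hosts, punycode labels, credentials before an @). The brand list, the public-suffix subset and the sample URLs are constructed for the demo; a real check would load the Public Suffix List instead of hard-coding suffixes.

```python
"""Flag shop URLs that embed a known brand in a hostname the brand does not own.

Added example, not from the original post. The brand list, the public-suffix
subset and the sample URLs are constructed for the demo.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed: brands we care about and the registrable domains they really own.
KNOWN_BRANDS = {
    "amazon": {"amazon.com", "amazon.it", "amazon.co.uk"},
    "paypal": {"paypal.com"},
    "poste": {"poste.it"},
}

# Constructed subset of public suffixes; load publicsuffix.org data for real use.
PUBLIC_SUFFIXES = {"com", "net", "org", "it", "co.uk", "xyz"}


def registrable_domain(host: str) -> str:
    """Return the label just left of the public suffix plus the suffix itself,
    e.g. 'deals-xyz.net' for 'amazon.com.deals-xyz.net'."""
    labels = host.lower().rstrip(".").split(".")
    # Try the longest suffix first so 'co.uk' wins over 'uk'.
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return host.lower()


def check_url(url: str) -> list[str]:
    """Return a list of warnings; an empty list means nothing suspicious was found."""
    warnings = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    if not host:
        return ["no hostname in URL"]
    if parts.scheme != "https":
        warnings.append("not HTTPS")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
        return warnings
    except ValueError:
        pass  # not an IP literal, carry on with domain checks
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible homograph attack)")
    if parts.username or parts.password:
        warnings.append("credentials before '@' (the real host is what follows the '@')")
    reg = registrable_domain(host)
    for brand, owned in KNOWN_BRANDS.items():
        # Strip hyphens so 'my-amazon-deals' still matches the brand keyword.
        if brand in host.replace("-", "") and reg not in owned:
            warnings.append(f"'{brand}' appears in host but registered domain is {reg}")
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://www.amazon.it/gp/cart",
              "https://amazon.com.deals-xyz.net/offer",
              "http://paypal.com@evil.xyz/login",
              "http://203.0.113.7/amazon",
              "https://xn--pypal-4ve.com"):
        print(u, "->", check_url(u) or "ok")
```

The registrable-domain step is the important one: a browser shows `amazon.com.deals-xyz.net` with the brand first, but the only part anyone had to register is `deals-xyz.net`, which is what the check compares against the brand's real domains.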

I know you know these things, but I am sure the friend of the brother of the brother-in-law of the cousin of your neighbour is not so well informed.

Spread the word and help those around you.

Happy Holidays

Monday, 14 November 2022

A year lived turbulently

Can you sum up the year when it is only November 14th? And why not?

First of all, I wanted to apologize to those who have wondered what happened to me, but it has been an intense year from several points of view: personal, work and family. I have significantly reduced my presence here for reasons of survival; I have every good intention of returning.

A difficult year. It started under the signs of the pandemic and the war, then cancer, moving on to stratospheric energy bills, to the damage from bad weather, to health problems in the family, up to the latest painful but tragicomic health problems. I cannot say that I loved this year in any particular way.

But even in the shadows a light must be seen, and so I also had satisfactions: things that improved even beyond expectations, and others that, in hindsight, could have been worse.

Where have I been?

If writing a long text had become extremely expensive, I found consolation on Twitter, where my vein of pernicious irony has a more suitable home. There I discovered a funny world of conspiracies, egotisms and assorted sarcasm, voluntary and not.

It helped me refine the ability to do irony and sarcasm in a few characters, which for someone naturally long-winded like me is certainly a useful exercise.

Obviously, "2022" always being "2020-2," Elon arrived to make everything more interesting, bringing the twitterer to the verge of, perhaps, oblivion.🤣

What I learned (if I learned anything)

Those who know me know that even in the worst situations I prefer the levity of a smile to the heaviness of seriousness.

For the umpteenth time, I have found that this often clashes with an idea of seriousness that is all form and no content. Not that it bothers me; on the contrary, it amuses me.

Once again, I found confirmation that few use numbers for what they are, and the most bizarre interpretations are always at hand. I must never assume that the person I am speaking to can understand a statistic or a graph: I always specify the context, the nature of the data, and how it is represented.

But if this were not so, where would the fun be?

Resolutions for the future

Beyond the obvious (survive), I would say that I would like to resume frequenting these shores, resume the discourse interrupted with the Email Files, and expand the perimeter.

Thank you for the friendship I have collected in recent months, see you soon

Antonio


Thursday, 27 January 2022

World Economic Forum on cybersecurity


The World Economic Forum Global Risks Report 2022 is exciting reading.

Being aware of the risks is necessary to address them and to understand the landscape we live in.

It is also a great way to see how risk perception changes year by year.

Looking at the short-term global risk picture, we see weather and climate; economic risks are not top of mind. We have "infectious diseases" to remind us that a pandemic can happen, and we have had, for some years now, "cybersecurity failure."

Since I work in the cybersecurity field, I naturally had an immediate interest in the cybersecurity section.

https://www.weforum.org/reports/global-risks-report-2022/in-full/chapter-3-digital-dependencies-and-cyber-vulnerabilities

The data in the report are interesting, but I think we should understand what those data tell us, so let me give some examples:

"95% of cybersecurity issues can be traced to human error"

(The Global Risks Report 2022)

Means: train people, put the correct processes in place, and put proper technology in place with a people-centric approach to address the "human" factor. If 95% of cybersecurity issues are somehow related to human error, we have to factor human behaviour into the equation. This means that the technologies and processes we put in place should tell us the risk related to our people. People make mistakes, are attacked, and are exposed to threats that can hit our assets. Without understanding this, we will not address the overall risk we face in cybersecurity.

What to do: we have to raise awareness properly and protect the communication channels people use, because that is where a skilled attacker will make his or her move. But in an ever-changing landscape this is neither easy nor enough. For example, we should continually update awareness programs according to people's current risks, and train people based on their risk exposure. This means our security technology should understand each user's risk exposure, and that information should be available to the awareness program and to the other security technologies in place.

At the same time, a security awareness program should be able to monitor users' understanding and knowledge, and use this information not only to target training at the specific set of users who need it, but also to feed each user's vulnerability into the user risk rating.

Addressing the 95% of cybersecurity issues caused by humans requires understanding why humans fail and what drives them to make mistakes. This does not call for a boolean approach but for a holistic construction of the context of the risks.

"Insider threats (intentional or accidental) represent 43% of all breaches"

(The Global Risks Report 2022)

Means: risks do not come only from outside; the problem can be internal. You have to monitor where data goes, and data do not move by themselves: people move data. Again, people are the key.

What to do: data are not all the same, and handling data can be a problem if the data carry critical information. Sensitive data, private data, intellectual property: there are dozens of reasons we should protect what makes our digital world "digital."

But data must be kept alive, otherwise they are useless, so people have to access, manage and modify data. We just have to do it correctly and securely. Data do not move; people move them. Data do not change; people change them. And when handling data, people perform a series of actions that, taken one at a time, are legitimate: users can read, modify, move, copy and delete data.

So how do we recognize the threat? Not from a single indicator, but from the sequence of actions performed on the data. And we should be able to do it in a simple way. Simple means I do not have to kill myself to run this check, and that I understand which sequences of actions are potentially dangerous (for example, a confidential file is read, then copied to removable media or a personal cloud account, then the original is deleted).

"Malware increased by 358% in 2020, while ransomware increased by 435%"

(The Global Risks Report 2022)

Means: where do malware and ransomware come from? How are they activated?

What to do: where does malware come from? If 95% of cybersecurity issues can be traced to humans, I would assume that humans are the primary targets used to trigger malware and ransomware. There is the exploitation of vulnerabilities, the use of backdoors and other fine technicalities, but, taking the report's figure at face value, those account for 100% - 95% = 5% (the two categories are not really exclusive, since an exploit usually still needs a human to open the door, but the proportion is the point). So how do humans get in touch with malware or ransomware? How do they trigger it? Email and browsing are probably the most used channels. This consideration alone should steer our security spending towards prevention (stopping things before they reach users), remediation and, yes, once again, education.

"There is an undersupply of cyber professionals—a gap of more than 3 million worldwide."

(The Global Risks Report 2022)

Means: when planning a technology deployment, make sure it is easy to manage, provides information that is easy to understand, and gives you context. You probably will not have dozens of skilled specialists, so make your investment effective; otherwise you will waste your money and your security.

What to do: the undersupply of cyber professionals is a plague we will carry with us for some years yet. The problem is that a cybersecurity professional needs experience, knowledge, flexibility and commitment. All of these are expensive and take time to develop, so it is hard to foresee a solution that will quickly fill the gap. We can train more people, but we need to wait until they gain the right experience, and we have to give people incentives to pursue a career that requires constant learning, critical thinking, stress tolerance and passion.

We will not easily have an unlimited supply of people at our service; this means we need to ease the load on cyber people by providing tools, technologies and consoles that make their lives easier, not harder. The easiest way is to plan your security investments focusing on integration, automation and visibility. Context and threat intelligence should be the way to understand what is going on and to focus on the most dangerous threats.

Reading reports is not just reading cold numbers; it is a way to understand the actual landscape and the calls to action close at hand.

Happy reading.

Wednesday, 19 August 2020

What is Democracy?

Belarus was in the news recently for the contested re-election of its leader Alexander Lukashenko. The suspicion that the election process was not honest and transparent is not insignificant.

The Malian coup d'état is just one of the many we hear about periodically in several parts of the world.

I wrote recently about Trump threatening not to leave office should he lose the 2020 elections.

Reading or listening to the news, we can easily draw up a shortlist of how difficult it is to put in place and maintain the thing known as democracy. In the Middle East and Africa many countries have been struggling to get there for a long time now. But even in good old Europe some countries struggle to reach an acceptable level of democracy: Poland and Hungary, for example, waver between authoritarianism and European values.

Not to forget the various democracy-leaking European parties that from time to time emerge from some election.

  • Why is democracy such a hard habit to acquire?
  • Do we really need a democratic system?
  • And, even more important, what is democracy?

What does Democracy mean?

Democracy is a form of government in which all eligible citizens (we should say people) participate equally, either directly or indirectly through elected representatives, in the proposal, development and creation of laws.

The name comes from the ancient Greek δημοκρατία (dēmokratía), "rule of the people", from dêmos (δῆμος, people) and krátos (κράτος, rule, power); the term is an antonym of ἀριστοκρατία (aristokratía), "rule of an elite", although even Athens would not be considered a democracy by today's standards.

As a form of government, the key points to consider are how we decide that a citizen is eligible, the form of the institutions that will be elected, and the extent or limits of our participation in the proposal, development and creation of laws. In theory those points are, or should be, the main differentiators that let us choose our representatives.

All over the world we express those points differently. For example, a citizen may be eligible under conditions such as:

  • being a citizen
  • having reached a certain age
  • meeting other specific conditions such as property, gender, criminal record and so on.

This seems quite easy, right?

Well, we should first ponder whether someone needs to be a citizen in the first place: in some countries you may take part in some elections (usually local ones) even if you are not a citizen but only a resident (or, at least, there are different levels of citizenship).

The idea of citizen is not so easy either: we can be citizens by jus soli (right of soil), by jus sanguinis (right of blood) or by a mix of both. We can be citizens because we somehow acquire this right. It is all quite variable. Germany historically tied citizenship to descent (jus sanguinis), so without German ancestry you were an Ausländer (the Japanese equivalent being gaijin), although its law now also grants citizenship to some children born there to long-resident foreigners; Italy is mainly jus sanguinis too, with birth on Italian soil conferring citizenship only in limited cases.

And if we use age as the criterion, when can someone be considered mature enough? In old Europe we usually draw this line at 18, but it is not so everywhere. So the question is not easy even from a basic point of view.

In the literature we find different kinds of democracy (liberal, oligarchic, direct, representative...) and different democratic forms of government: constitutional republics such as France, Germany, India, Ireland, Italy or the United States, or constitutional monarchies such as Japan, Spain, the Netherlands, Canada or the United Kingdom. A democracy may have a presidential system (Argentina, Brazil, Mexico, the United States), a semi-presidential system (France), or a parliamentary system (Australia, Canada, India, Italy, New Zealand, Poland, the Netherlands and the United Kingdom).

And then we should consider the other implications of the term democracy; the question is so hard that the philosopher Karl Popper "simplified" it by assuming that democracy is where there is no tyranny or dictatorship, and people are able to change those in government without a revolution.

What is a democracy not?

If defining and understanding democracy is so difficult, one could already see in that the reason why so many democracies look flawed. But even if we cannot say what it is, we can still say what it is not.

Democracy is not "our way of life"

Do you think yours is a democracy because you are used to doing something? This is a slippery slope. Something you consider normal could be considered crazy elsewhere, even if both places are considered "democratic" by their respective citizens. So while in the USA the constitution grants the right to bear arms (and this is considered a sign of progress, justice and democracy), in Europe we think exactly the opposite, and with few exceptions (such as Switzerland) people carrying a machine gun are not considered a portrait of freedom and rights.

The same can be said of other things: the death penalty is considered a barbaric heritage here in Europe, while China, the USA, North Korea and some countries in the Middle East consider it a sign of civilization.

Democracy is not an economic model

Capitalism is not a synonym for democracy, and communism is not an economic model but a social model with economic implications. I always think of poor Adam Smith turning in his grave in Scotland every time he is named to justify modern capitalism and radical economic liberalism. The most used tags of recent centuries are completely misunderstood or misrepresented. When you mix different things together you may well get a salad, but not a coherent theory. An economic model does not necessarily fit the purpose of democracy, and capitalism, as an example, has driven right-wing dictatorships as well as Western democracies.

Democracy is not "this religion"

While religious people have the right to be represented in a democratic system, in a theocracy this is not always the case. This is not to say that a "confessional" form of democracy cannot exist. Consider Iran as an example. It is a "democratic" Islamic republic, which means the body of law comes from religion, and so do most of the rules, but the representatives are "democratically" elected inside this system. As a matter of fact, the form IS a democratic system, unless you believe that religion should be completely separated from government and law. That is the case in France, where all religions are respected but the government and its ethics are secular.

Democracy is not "against a religion"

The relationship between democracy and religion is not always easy, and sometimes the different ethics and rules collide. But the purpose of a democratic system can surely not be to fight a religion, even if the religion itself is "anti-democratic". Besides, I am not aware of religions that are strictly anti-democratic.

Democracy and democratic are not synonymous

While there can be no democracy without a democratic system, a democratic system can exist in non-democratic governments. Democratic systems are based on a form of government in which the people choose leaders by voting. So even a monarchy can be democratic while clearly not being a democracy. At the same time, religion-based systems managed through a "democratic" election cannot be considered democracies at all. Iran is a critical example of a place where the laws and rules depend on a non-democratic source (the religious clergy guided by the ayatollah; ayatollah is an honorific title for high-ranking Shia clergy in Iran that came into widespread usage in the 20th century) but the form of the state requires democratic elections.

Democracy is not the only government system that works

In different ages and different countries some systems have been more effective than others, and sometimes there have been changes. Ancient Rome started with elected kings, moved to a Republic, then through different forms of government, to end with the dictator, the emperor. Kings still exist in our age, and can be elective (like the Pope in the Vatican) or hereditary (UK, Spain, Sweden, the Netherlands, Japan, Thailand...), bound to a constitution or not. As a matter of fact, a king in a modern constitutional monarchy is a dictator who more or less graciously passed some of his or her rights to the parliament. A dictatorship is just a form of government where the dictator is the ruler and the driver of the people. And a dictator can rise through democratic instruments, as Adolf Hitler did in Germany, where his party's electoral results led to his appointment as chancellor before parliament handed him its powers. There can be different forms of dictatorship, as in monarchical absolutism and theocracy. Even if nowadays dictatorship is usually associated with authoritarianism and totalitarianism, those are not synonyms of dictatorship, and authoritarian or totalitarian forms of government can also be dressed in a republican or elective outfit.

So democracy is not a lot of the things we are used to considering democratic. This means that "freedom" and "democracy" are not the same thing, but they can coexist in a sound environment. Democracy is not freedom of speech or of religion either, but they can be part of a modern democratic system. To be clear, a "democratic" system can be something different from a democracy, and the electoral process does not identify a democracy per se.

Democracy is not human rights

Don't be fooled by marketing: human rights and democracy do not go hand in hand. While a democracy (and any other system) should respect human rights, the truth is that even the biggest democracies do not always manage it. Education, the death penalty, personal rights, privacy, health: there are thousands of human rights violations even in modern democracies.

Democracy is not "We are the Good"

Just to be clear, living in a democracy also allows us to make the wrong choices. The fact that the majority wants something does not necessarily mean that "something" is good, right, ethical, moral or simply sound. While democracy has implications in terms of some moral and ethical constraints (I will talk about some of them below), that does not mean a democracy has to be peaceful or work for the "greater good" of mankind. Democracies, like other forms of government, tend primarily to promote and preserve themselves, even if this requires overriding the freedom or rights of external entities. Justified somehow by some "greater good", "people's need" or "national security", even the greatest democracies do not hesitate to use force and imposition against other countries to preserve their own benefits and interests.

Some clear democracy requirements

There are, anyway, some clear requirements to be able to implement a democracy. Requirements that seem obvious, may be, but not so universal:

  1. There should be an elective procedure of some kind, ruled somehow and the voters should be able to move inside those rules without any external constrain. In other terms, people should be able to vote “freely” inside the set of rules that match specific democratic models.
  2. A democracy should recognize the existence of different points of view, and this has some implications. In a democracy, there could be a majority, but for sure there will be minorities and those have to be protected by the system to avoid becoming a totalitarian one. Religious, political, cultural, ethnic, census minorities do have the right to be represented in some form. In democracy have to be implemented “super partes” controls that are needed to force the majority to respect rules and minorities.
  3. In a democracy, all eligible people have the right to be informed to allow themselves to form an opinion.
  4. In a democracy, all eligible people have the obligation to inform themselves in order to form an opinion.
  5. The starting point of a democracy is the will of the people to live in such a system. By definition, democracy cannot be imposed, while can be imposed a democratic system that does not lead directly to democracy.

Those implications are mandatory and are bounded in the ethical and moral standard of a democracy.

The first point outline that cannot be a democracy without a democratic system. The key here is the respect of the rules, no matter what those rules are. It is not a specific rule (age, census, gender, religion …) that mark the difference, but the fact that the rules have to be the same for all the eligible ones. If for some reason a system adopts strategies to adjust the result of an election or force somehow people against its will then we have a great deficiency in terms of democracy. This is not a rhetorical point; when some party try to impose an arbitrary change of rule to target part of the eligible people to force them to modify their voting status, as in recent Unites Stated discussion over mail vote, democracy is threatened and the result questionable.

The “free” vote inside the rules also imply the existence of the third and forth points.

If for some reason we change rules in order to not allow a specific population to vote we are acting against democracy even if we played according to the local legislation. This is a typical example of a collision between law and ethical and moral standards. And this is not just a developing country issue, someone will remember all the democratic party rumors and complaints related to Florida when Republican Bush Jr. was elected for the 2nd mandate.

The second point contains the greatest number of unattended needs even in the so-called advanced democracies. Every system presents its soft spots and black holes, no country is immune. To mention old Europe think of Scotland, Ireland, the Basque region and Cataluna in Spain,.

The third and fourth points, on the right to have access to information, concerns me the most and are, in my opinion, crucial in all the democracies under construction.

If the whole point of democracy is being able to vote knowing what we are doing, we should be able to be as much knowledgeable as possible. The idea behind is that to be able to make a conscious choice we should be able to analyze and criticize what is proposed in order to make our opinion freely. Lack of information, knowledge, and ability to critically analyze it is a serious limitation in terms of democracy.

If you don’t know you cannot choose

Knowledge is the basis for any conscious choice, if we don’t know we have to trust more or less blindly. The problem here is to be able to find sources and verify facts. If we don’t do it we just simply make some act of faith and treat democracy as something that is not a religion. Democracy cannot be a religion because is a system that does not contain the truth inside, but just try to balance the different truths in the best effort way. A critical, and probably the biggest flawed, point is to be able to discuss and then decide. But, as someone may be remember, there is not a discussion without the assumption that we could even change our mind. If our starting point is “I am the truth” there will not be a discussion but a monologue, and so we will be right outside the democracy moral and ethical standards.

Knowledge is power, this is more real in a democracy where everyone is responsible for the free expressed vote, and its consequence. Basing a choice over an assumption like “you are wrong anyway” is just not the right thing.

Alas watching some scary threads on the various social networks remind me how little “critical thinking” is applied in nowadays political life. And I’m not talking of my country, but everywhere.

Numbers, historical facts, objective results are simply not considered. And sometimes to support a theory some “Dude, what are you talking about?” facts are presented as gospel even if have a little or no link with solid facts and history. And funny enough sometimes there would be plenty of good reason in support that are not even known or used.

A typical example is the worldwide obsession with immigrants. The USA, Europe and even Asia and Africa are full of discussions based on dumb or untrue assumptions, wrong facts, tampered numbers and statistics. Follow a Twitter thread to understand what I’m talking about. Very few times have I seen discussions based on facts.

They don’t want, they don’t know; why do you expect it works?

So let me recall: democracy is a very difficult environment that requires knowledge, will, application and sacrifice. There are specific needs that have to be respected and an overall agreement by all the parties involved.

Democracy is not a religion, it does not have all the answers; au contraire, it is a system based on the assumption that the answers can be different and equally valuable.

It requires that all parties respect each other’s habits and ideas and are willing to discuss openly. On those assumptions it is quite understandable that implementing an election system does not mean having introduced democracy in a country. By its nature democracy cannot be forced, because if you force someone into democracy there is no democracy at all; remember what Karl Popper says: there is no democracy if, to change the form of government, you have to resort to a revolution.

The very pillars of democracy are will, knowledge and respect for minorities; if a country is not ready for this, every form of government will be less than a democracy, no matter if it is ….*

*Put the next country with elections you want where the dots are.

giovedì 6 agosto 2020

Hiroshima August 6th, 1945

At 08:14 and 45 seconds on August 6, 1945, the American bomber Enola Gay dropped “Little Boy,” the bomb that destroyed about 90% of the buildings in the Japanese city of Hiroshima.

Hiroshima today @getty

A devastating flash of lightning, the shockwave, lives broken.

The devastation and rubble are there, but then… Then the rain and the dust, the real beginning of the horror.

Lives are broken by the radioactive fall-out that follows, condemning to death or unspeakable suffering thousands of people, women, men, children, young people, old people who will suffer for years the consequences of hell brought to earth in the name of peace.

Three days later the horror is repeated in Nagasaki, with a bomb dropped more out of the need to test it than for real military reasons. And the target was chosen by damned fate: bad weather prevented the bomber from reaching the real target, Kokura, but Nagasaki is down there. It doesn’t matter if it is the least aligned of Japan’s cities, the most open, and with a strong Christian community. A bitter irony.

Urakami Tenshudo, a Catholic cathedral in Nagasaki, destroyed by the atomic bomb and with the dome upside down.


Pain and a wound that will continue for years. A pain that has never had a message of apology.

In American ethics, there is a deep sense of their absolute impunity linked to their sense of moral superiority over the world. The blame lies with the Japanese, they have always repeated it, and since winners write the history, the whole narrative leads there.

Of course, if you talk to the Japanese, the story sounds different, but they lost, their version doesn’t count.

Let’s be clear: a monstrosity like the release of atomic power on a civilian population does not cancel the faults and horror that imperial Japan caused during the war.

Manshūkoku Flag

What the Japanese did in China, the Manshūkoku or as the Chinese say Mǎnzhōuguó (Manchukuo for English speakers) was the scene of horrors beyond imagination, a wound that cries out horror from the depths of the soul.

But two horrors do not cancel each other out, they add up in the deafening roar of an annihilation of humanity.

Today it remains a memory that many people do not understand or do not want to understand, not only in the West, even in Japan itself.

But for a minute we close our eyes, we relive that flash that wounded humanity and left the wound open, a wound that will not close until we make amends for our responsibilities.

Today we mourn civilians who have died, immolated to the idea that there is a higher value than them.

We tell ourselves it will never happen again, but I don’t believe it that much.

mercoledì 29 luglio 2020

Schrems II, Data transfer, and the USA: wheels are rolling.

Probably everyone by now has, at least, heard about the ECJ judgment called Schrems II, which basically rules out the possibility of using the infamous Privacy Shield agreement to allow data transfers between the EU and the USA, on the basis that the USA does not provide enough guarantees that EU data will be protected.

If you don’t know (but you should) here my previous article:

https://thepuchiherald.com/2020/07/17/ops-privacy-shield-bye-bye/

After the sentence one of the question was: what now?

Will a grace period be offered to survive this? (Lots of companies were transferring data to the USA using Privacy Shield.)

And, most of all, will SCCs be enough?

The answer my friend, is blowing in the wind...

Er, no, actually there have been some FAQs from the EDPB that should call the local authorities to action.

According to the new FAQs of the European Data Protection Board on the #SchremsII decision, if you want to transfer personal data to the US under the SCCs or other means, you will have to notify the data protection supervisory authority. This approach will oblige companies to perform a massive amount of work, since the notification will definitely have to be accompanied by an assessment of the adequacy of the data transfer mechanism. Are companies and SAs ready to handle this large amount of work?

https://edpb.europa.eu/news/news/2020/european-data-protection-board-publishes-faq-document-cjeu-judgment-c-31118-schrems_en

While some authorities have not yet reacted (and this is not a surprise for Italians, I am afraid), some others (wonder who) have made a statement that clarifies the doubts that may arise and are not solved by the EDPB’s FAQ.

The Conference of German Supervisory Authorities (DSK) issued its statement yesterday about the consequences of the #Schrems II judgment that, as we can imagine, is completely aligned with the EDPB position. There are some points that are critical on the matter:

Data transfers based on the Privacy Shield are no longer allowed and all companies must immediately suspend them

This is a critical point, since I am quite sure there are companies that do not even know their data were delivered to the USA under Privacy Shield. I would like to remind you that if an audit from the authority knocks at your door, something like “I don’t know” or “I don’t remember” will not save you. GDPR requires that you, the company, prove you have done your duty in a concrete, effective way, so no paper compliance is allowed here. Just to make life easier, I would also love to remind you that this is not just the German way, and sooner or later the other authorities will align with such requirements.

Transfers based on the SCC require an assessment of the adequacy of the context and the supplier

And here we have the headache, since it is not “optional”: the assessment is mandatory. This comes as an obvious consequence of the fact that the EDPB FAQ says that, to be allowed, SCC transfers should be communicated to the authority. Now, for those of you so naive as to think “I can send a mail to the authority saying: hey chap, I use SCC, do not worry”, it does not work like this. For some reason they want you to prove you did your duty.

The use of SCCs for the transfer of data to the United States, in the absence of additional guarantee measures, is not sufficient to legitimize the activity

And of course, if you send your data to a country that does not guarantee the privacy of EU citizens and residents, well, your duty is kind of complex. And let’s be clear and brutally honest (while usually I am obscure but kind, rotfl): this will require the active cooperation of the vendors that offer you services, because you need solid proof and not just paper BS.

There is no “grace period”

And this means you need to do this right fucking now.

And, just for the sake of my Italian fellow countrymen, this means that even if our authority is under a sleeping spell and has not reacted yet, you have to act nevertheless, because again an audit will knock and you will have to show you’ve done the right thing. “But the Garante did not tell us anything” will not be an excuse for non-compliance (with the relative consequences).

Time for DPO to start working and earn their money 😂🤣 (Is a joke I know many DPOs already do something)

venerdì 17 luglio 2020

Ops! Privacy Shield, bye-bye

I was not in the mood to write again on GDPR, there are so many experts here that my voice would be useless (and I know my fellow accomplices of the #quellidelfascicoloP would agree), but I could not refrain myself from this.

Max Schrems did it again and Privacy Shield is gone, like its predecessor (Safe Harbor).

This should not come as a surprise, well not at least at this side of the pond. I understand the USA does not have a clue on what we’re talking about, privacy is also a cultural matter and we have a profoundly different approach here, but European fellows should not be surprised at all.

Basically what happened is that the ECJ agreed with the basic concept that if the processor is in a country where European data will not be treated fairly, then it is neither safe nor sound to send data there.

But this was the main idea behind Privacy Shield: the USA has a privacy and data protection framework that is not aligned with European rights and laws, but in order not to stop business we (Europeans) accepted to jeopardize our rights with a framework that is way less effective and strict compared to what is imposed in Europe.

Mr. Schrems is not new to having a problem with this approach and moved from court to court up to the ECJ to force them to rule on the subject, as he did for the infamous Safe Harbor.

So we were all expecting this and it should not come as a surprise; in the end, we should remember that the USA, under several arbitrary conditions (such as an investigation initiated by the NSA), do not need a judge to come and see data stored in the USA (they do not care even if the data are stored outside, but that is another story), they do not care if those data are related to a European citizen, they do not feel any need to inform European authorities and European citizens and, under their framework, they do not have a problem performing massive surveillance and data gathering (remember PRISM?).

Now, that the “Privacy Shield” was doomed as soon as this matter arrived at the ECJ was something many of us were expecting, but the “Privacy Shield” is not the only way to allow data exchange between us and them.

There is also something called SCC, Standard Contractual Clauses: a ruleset agreed between the parties that determines how to deal with data coming from the old world to the new one.

The European Court of Justice on this (Case C-311/18) told us those clauses are effective and valid, so only Privacy Shield has been affected. But if we read things a little deeper and closer we realize that the ECJ provides us with an interesting point of view on SCCs.

The European Court says (in paragraphs 134 & 135) that:

“[…] as the Advocate General stated in point 126 of his Opinion, the contractual mechanism provided for in Article 46(2)(c) of the GDPR is based on the responsibility of the controller or his or her subcontractor established in the European Union and, in the alternative, of the competent supervisory authority. It is, therefore, above all, for that controller or processor to verify, on a case-by-case basis and, where appropriate, in collaboration with the recipient of the data, whether the law of the third country of destination ensures adequate protection, under EU law, of personal data transferred pursuant to standard data protection clauses, by providing, where necessary, additional safeguards to those offered by those clauses.

Where the controller or a processor established in the European Union is not able to take adequate additional measures to guarantee such protection, the controller or processor or, failing that, the competent supervisory authority, are required to suspend or end the transfer of personal data to the third country concerned. That is the case, in particular, where the law of that third country imposes on the recipient of personal data from the European Union obligations which are contrary to those clauses and are, therefore, capable of impinging on the contractual guarantee of an adequate level of protection against access by the public authorities of that third country to that data.”

The upshot of this is that it is not enough to simply have SCCs in place but that due diligence also has to be undertaken, and possibly additional protections added. That due diligence will need to be done not only on the other party to the agreement but also on the legal regime in the country where it is based.

Data protection authorities across the EU will also be expected to step up their enforcement of the data transfer requirements of GDPR including looking at how organizations are using SCCs. This comes at a time when investigations in most EU countries are on the rise.

In one sense, because the European Court has ruled that SCCs are valid, it’s business as usual concerning SCCs. However, as the European Court has indicated, even where a business relies on SCCs, data protection additional due diligence may still be required. Additionally, it is expected that under GDPR the European Commission will be revising SCCs – so businesses may at some point in the future need to adapt/update their existing SCCs.

It is, therefore, above all, for that controller or processor to verify, on a case-by-case basis and, where appropriate, in collaboration with the recipient of the data, whether the law of the third country of destination ensures adequate protection

This means that even if the agreement between two subjects is under SCC this is not a safe pass to heaven, and the data controller is not released from his\her\its duty to verify the data are processed fairly and correctly. And the legislative framework of the country where data are moved\stored has to be taken into account.

Ok Ok I stop it.

ciao 🙂

#quellidelfascicolop #vaccatadellasera #pensieriinlibertà #datasecurity #dataprivacy #deliridelvenerdì

martedì 12 novembre 2019

The IoT Files: the call for 5G

I have recently been interviewed on 5G issues and this made me realize how confused the knowledge and understanding of 5G is.

Most of the time, when I hear comments about 5G on mainstream media, I find on one side apologetic wonders about how this or that vendor with 5G can solve all human problems, and on the other side fears related strictly to the fact that 5G today means Chinese or European vendors: for the first time in years the USA is not technologically leading a strategic sector.

Even less do I hear about the link between 5G and IoT and what this means.

Generally speaking, most of the discussions on IoT are focused on devices and not on the system, and in most cases I seldom find considerations related to 5G implementation and security. This is quite annoying from my point of view, since security in IoT (I wrote about that in The IoT Files) is more than single-device security, and 5G security issues are not about Huawei spying on us.

And, to tell the truth, from my point of view (Italian and European) it would not make much difference if the spy comes from China, Russia, the USA, or the UK.

The first problem is to understand if there is a relationship between IoT and 5G. Well, the relationship is kind of simple: with the current technologies, IoT is hard-limited by connectivity, IP and bandwidth issues. The aim of 5G is to overcome those limitations by offering broadband connectivity that can support IoT needs. This will require investment, changes of business models and… wait, to read this go to my previous IoT articles; I called them The IoT Files because there is so much to say that one article cannot cover everything.

Turning back to the point, then: 5G is the technology that can glue IoT together in terms of connectivity, but what does it mean? Well, when we listen to 5G talk we hear how we can create smart cities, how we can connect cars together so they drive better and safer with autonomous driving and so on.

5G is exactly about this, allowing all this to happen.

All typos are because I never read slides back, lol forgive me

Almost everything you have heard about IoT requires 5G to become reality, because current mobile broadband would not be suited to cover those needs; we are not talking about a test with a few cars that can communicate over 4G but billions of devices somehow interconnected, with different priority needs, bandwidth needs, security and privacy needs.

Basically anything that is recently referred to as “SMART something” and IoT will be bound to a technology that will allow fast, secure and reliable data connections.

As of now, 5G is the answer but, there is a problem, the champions of 5G technology aren’t from the USA and the biggest player is Chinese (Huawei holds the highest number of patents on 5G technology).


This thing, which could be irrelevant, is actually the big issue at the moment, so big that all serious consideration of 5G is relegated to an afterthought, a second-level line of consideration.

Geopolitical, technological and economic issues are the rising stars at the moment, and they make enough noise to cloud judgment and divert attention from the serious issues.

I am not saying that those are not problems, and I agree nations should try to defend themselves, but targeting the wrong point on 5G will not help to address correctly, “ab initio”, the complex problem that 5G will bring home. And the main reason behind this is that if you ask what 5G is, the answer is… just a faster mobile network.

If speed were the only reason behind 5G I would kindly agree that geopolitical issues are the obstacles, but 5G is not just “speed”, it is way more, and the 5G security issue goes beyond the specifics of the connectivity offered at the broadband level, into the core of what 5G has been designed for: services.


We used to think that mobile broadband development was only about more speed, but actually speed has never been the only target: speed and services have always developed hand in hand.

From a mobile perspective, 1G offered 2.4 kbps and was designed to allow mobile phones; it was no less, no more than an extension of your home wired phone. Basic voice services and an analog protocol, low bandwidth was all we needed. Issues were more at the infrastructure level, so there was no time to bother with things that were not even in customers’ imagination at that time.

The real revolution arrived with 2G: it’s broadband, it’s digital (GSM, CDMA), it can carry data, it’s more stable… a revolution. We were able to send text, to see the caller number; who was not enjoying it? And some mobile phones started to offer even a graphic screen and games (like “Snake”). Who really cared about speed, which actually moved from 2.4 kbps to an astonishing 64 kbps?

The nice thing about 2G is the introduction of the idea that mobile phones can be so much more than a simple device to phone, and text messaging was there to prove it.

You see, when the consumer space sees the opportunity for cool stuff that can make the market big, the vendors will follow. With the pressure of the internet and the new services, a new need for data rose up, and here you have 3G.

3G was not only tremendously faster than its predecessor but was designed with the need to transfer data in mind. No more simple text messages: you can have the internet on your phone now.

Again, the real difference with 2G was not “speed” but the kind of services you were bringing on board. So, as a natural evolution from the old internet, we moved to the new one with video, streaming, chatting and so on. A new class of services was required, hence the need for something more, something new: 4G.

And as a matter of fact, besides the speed, the real need for 4G (or the not so cool but, hey, better than nothing 4.5G) was video capability.

The services drive the speed so the speed is just a consequence of the needs the technology has to address.

But if we limit ourselves to considering just the usual way we use the internet (Facebook, YouTube, YouPorn, LinkedIn, WeChat/Weixin, WhatsApp, Instagram, TikTok and so on) we could just add some megabytes more to our 4G (which is what 4.5G does, by the way); but here comes IoT.

IoT brings way more devices onto the internet, with their needs in terms of bandwidth, connectivity and quality of service. All of this requires new technology and, being ambitious, why not think of making this technology able to address even the LAN/WAN realm?

This is not so stupid: the telcos have always tried to gain space in the LAN/WAN market, and money can be a huge driver. Telco activities with the enterprise were related to offering internet connectivity and voice services. The revenues for analog voice services were high, but VoIP lowered the income dramatically since it was cheaper, putting telcos in a difficult position. While internet broadband services for home users have been good business, they require substantial infrastructure investments that are not always covered by the revenues, hence the digital divide.

But 5G can turn all this upside down, justifying the investment that was not so cool, because 5G means everything in the telcos’ hands!


If 5G is the backbone of IoT and Smart X, this means an incredibly big market for telcos, since telcos will provide 5G connectivity. This is why telco vendors are so interested in 5G; alas, this is also a world where security has always been a secondary issue, if not a neglected one, so we cannot expect security to be addressed correctly if other players do not put their nose in.

From this point of view, governments and regulators could play a key role in leveraging security and privacy by design and by default in the design of the 5G world; alas, at the moment everything seems to be more focused on boring geopolitical issues than on the real stuff.


Among the 5G challenges, there are a few that are easy to spot once we understand that 5G is the IoT backbone. Without the lousy arrogance of thinking to be exhaustive, here are some that should, at least, be taken into serious consideration:

1) fast connectivity between devices, according to the device/service need. Not all IoT devices are born equal in terms of bandwidth, data processing, quality and sensitivity of data and so on, being able

2) segregation of traffic, which means every group of devices that is under a specific service instance should have its traffic isolated and protected from the others. I would not enjoy my personal photos being shared everywhere if the IoT device is the home HDD storage where I put them. Segregation of traffic is the minimum level of security we have to think of when we plan a broadband multiservice environment.

3) Quality of service is a key factor here: even if the bandwidth is incredibly huge, this does not mean that there will be no latency or bandwidth bottlenecks, and some services have to be guaranteed no matter what; telemedicine and telesurgery, just to name a couple, should be prioritized over watching YouTube.

4) authentication and authorization are no less important: in a heterogeneous environment we need to be able to authenticate and authorize, with the correct level of permission, every single device on every single service it needs to access, together with its user ownership. Failing this point will mean access for anyone…

5) multivendor environment: this can seem a minor issue, but in an ever-growing connected devices-users-services environment, being able to guarantee that all the stuff will work seamlessly is not so easy. Maybe someone remembers the issues with a famous leading network gear vendor and the NIC auto speed detection protocol? Standard does not always mean standard, and this can open a serious breach in operations and security if not addressed correctly.

6) not everything will be 5G at the beginning, and probably when the legacy world ends we will be on 6G (which will get rid of part of the infrastructure by leveraging peer-to-peer connections directly at the device level) or 7G, with 5G as the old stuff. So 5G will have to deal with Ethernet as well as 4G, as well as whatever will come in the future. A gateway between the different technologies is not so simple, since service definitions can differ.

7) in particular, the existing mobile environment and the LAN/WAN battlefield should be carefully considered: on one side we still have 3G, on the other side LAN/WAN vendors will fight back to keep their domains intact. So it will be an interesting battle where, again, standards and regulators could shed a little light at the end of the tunnel (hoping it is not the train).

And more could be mentioned, but if I want to continue it is better to stop with this list.

If you are still here reading, it means you are interested in the subject; I am impressed and thankful 🙂

So the backbone for IoT will be, at least at the beginning, the 5G network which, just to be clear, is still being implemented. If we think of the IoT definition:

The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems.

we can then assume that internet connectivity will be more and more 5G,


which should now clarify why speed is just one of the many issues of 5G and why 5G is not just bare connectivity but something that should manage services. So now we should understand what this “service” word means here.

Basically a service is a mix of devices, connectivity, data, processes and users that can be grouped somehow. There can be thousands, millions, billions of services under this simple definition (I know it is mine, but it is worth it for everyone to understand the point).

The main point is that services are not all the same: HTTP browsing can be a service under 5G and so can video broadcasting, but the two are different in nature and in terms of requirements.


Different services have different needs and, for once, speed can be a good example to understand the point: what is speed?

The very concept of speed can vary from service to service, so consider the automotive and smart road ideas. In this scenario we will have small pieces of critical data exchanged from one car to another and/or to the infrastructure, which have to be processed and transmitted as fast as possible. It seems easy, but we should consider that the cars are moving and the traffic can be largely unpredictable (I don’t know when someone will decide to get into the car to go somewhere, and I cannot predict if external events will change traffic conditions: pedestrians crossing outside the dedicated areas, problems with the state of the road, holes, weather, floods, earthquakes, Superman vs Batman and so on).

So here speed means, at least, very low latency, quick authentication and authorization, fast address resolution, and reliability. Probably I should add geolocation and other critical missing points, but I think we have an idea.

On the other hand, if I have to move a big chunk of data, speed means mainly bandwidth, QoS and conflict resolution if more agents/objects/users are trying to move the same or nearby data. So if you are trying to align your data center with your new cloud one and want to move some Coperbyte of data, and your neighbourhood wants to do the same, well, we have to manage the bandwidth somehow…

Of course, if the need is just to browse and watch movies your needs are focused (remember we are in 5G) on DNS response and video-voice sync.

But since among billions of IoT devices there can be billions of services that do not exist at the moment, we need to create an environment able to define the needs in advance (or wait for 6G for new service implementations).

So, broadening the argument, 5G for IoT should, at least:

1) Segregate different services

Different classes of services should be independent of one another

Services should be arbitrary, and the required service set should be one of the service definition parameters

2) Allow QoS for critical ones

Not all services are the same: internet browsing is not a running truck on a highway, a surgical operation is not like watching porn on your phone

3) Provide strong security and management features for each service

Services should be identified

Authorization and authentication of services and users should be available and effective

4) Take into account security and privacy by design and by default

and so on

Different scenarios on 5G require different analyses; take as an example three easy-to-spot ones: your home environment, the smart road, LAN/WAN substitution.

I love the home example because it is something even non-IT freaks can understand. The photo depicts the world before and after 5G.

If you have the internet at home you are probably in this scenario:

•We have one router to connect to the internet

•All devices internally connect via Wi-Fi/LAN

•When devices need to talk to each other they use their internal IP network on a private subnet

•When devices need to talk to the internet they call the router

•The internet router interfaces through the ISP to the internet, offering some security services and NAT

•Smart devices like smartphones use a double connection: Wi-Fi internally, SIM externally

•…

We know that if we want to see what we have in our local storage we move data internally (at least we hope so); our gateway to the internet is our router, which (should) provide some basic security stuff such as firewalling and, at least for the internal Wi-Fi connectivity, a minimum of authentication. We live in a private network where connectivity is basically Ethernet and Wi-Fi, and we go on the internet with a NATed address shared by all devices. Probably we have some devices that have no real internet exposure, others that only go out to look for updates, some that connect to a web service to let you check and configure things, and finally some that go to the internet by themselves for unknown reasons (Alexa-like, ROTFL). Ah, do not forget your smartphone, which has both Wi-Fi and your 4G/4.5G connection, with apps to manage both your internal LAN and the web interfaces of your LAN devices.

What will 5G change here? Of course everything, absolutely everything.

Everything is already on the internet

•All devices are able to connect directly to the 5G network and have public addresses

•Providers of 5G connectivity can be different and bound to users and/or device

•Devices need to know their «internal» realm in order to understand which device can be trusted or not for internal communication

•Different 5G providers have to guarantee device interoperability, segregation and security as if the devices were in a segregated LAN

•Internet communication should be controlled and monitored as if it were a single one
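The two home pictures above (a NATed private subnet today, publicly addressable devices under 5G) and the service requirements listed earlier (segregation, QoS for critical services, per-service authentication and authorization) can be put side by side in code. The following is an added example written for this page, not code from the original post: `legacy_is_internal` captures today's topology-based trust, while `RealmPolicy` is a constructed default-deny model in which trust is explicit per realm and per service and the 5G provider plays no part in the decision; all device, realm, provider and service names are made up.

```python
import ipaddress
from dataclasses import dataclass
from enum import IntEnum


class ServiceClass(IntEnum):
    """QoS class: a higher value is scheduled ahead of a lower one."""
    BEST_EFFORT = 0   # browsing, video streaming
    INTERACTIVE = 1   # voice and video calls, home automation
    CRITICAL = 2      # telemedicine, vehicle safety messages


@dataclass(frozen=True)
class Device:
    device_id: str
    realm: str            # the owner's "internal" realm, replacing the private subnet
    provider: str         # 5G provider the device is bound to
    services: frozenset   # names of the services this device is authorised to use


@dataclass(frozen=True)
class Service:
    name: str
    service_class: ServiceClass
    realm: str            # realm the service instance is scoped to


def legacy_is_internal(src_ip: str, dst_ip: str, home_subnet: str) -> bool:
    """Pre-5G home: 'internal' is whatever sits on the NATed private subnet."""
    # Trust is a side effect of topology; identity, owner and service play no part.
    subnet = ipaddress.ip_network(home_subnet)
    return ipaddress.ip_address(src_ip) in subnet and ipaddress.ip_address(dst_ip) in subnet


class RealmPolicy:
    """Default-deny policy for devices that are directly addressable over 5G."""

    def __init__(self) -> None:
        self.devices: dict[str, Device] = {}
        self.services: dict[str, Service] = {}
        self.trusted: set[frozenset] = set()   # explicitly trusted realm pairs

    def add_device(self, device: Device) -> None:
        self.devices[device.device_id] = device

    def add_service(self, service: Service) -> None:
        self.services[service.name] = service

    def trust_realms(self, realm_a: str, realm_b: str) -> None:
        """Explicit, symmetric trust between two realms (e.g. a home and a clinic)."""
        self.trusted.add(frozenset((realm_a, realm_b)))

    def authorize(self, src_id: str, dst_id: str, service_name: str) -> tuple[bool, str]:
        """Decide whether src may reach dst for the named service; deny by default."""
        src, dst = self.devices.get(src_id), self.devices.get(dst_id)
        if src is None or dst is None:
            return False, "unknown device"       # a public address is not an identity
        service = self.services.get(service_name)
        if service is None:
            return False, "unknown service"
        if service_name not in src.services:
            return False, "source not authorised for service"
        if dst.realm != service.realm:
            return False, "destination outside the service realm"
        if src.realm != dst.realm and frozenset((src.realm, dst.realm)) not in self.trusted:
            return False, "realms not trusted"
        # src.provider and dst.provider are deliberately not consulted:
        # interoperability must not depend on both devices sharing a provider.
        return True, "allowed"

    def schedule(self, requests: list[tuple[str, str, str]]) -> list[str]:
        """Admit authorised requests and order them by QoS class, critical first."""
        admitted = []
        for src_id, dst_id, service_name in requests:
            if self.authorize(src_id, dst_id, service_name)[0]:
                admitted.append((self.services[service_name].service_class, service_name))
        admitted.sort(key=lambda item: item[0], reverse=True)   # stable: FIFO within a class
        return [name for _, name in admitted]


def build_demo_policy() -> RealmPolicy:
    """Constructed sample: one household (home-a), a neighbour (home-b) and a clinic."""
    policy = RealmPolicy()
    policy.add_service(Service("nas-sync", ServiceClass.BEST_EFFORT, "home-a"))
    policy.add_service(Service("video-stream", ServiceClass.BEST_EFFORT, "home-a"))
    policy.add_service(Service("tele-monitor", ServiceClass.CRITICAL, "clinic"))
    policy.add_device(Device("phone-a", "home-a", "provider-1",
                             frozenset({"nas-sync", "video-stream", "tele-monitor"})))
    policy.add_device(Device("nas-a", "home-a", "provider-2", frozenset({"nas-sync"})))
    policy.add_device(Device("cam-b", "home-b", "provider-1", frozenset({"nas-sync"})))
    policy.add_device(Device("monitor-hub", "clinic", "provider-2", frozenset({"tele-monitor"})))
    policy.trust_realms("home-a", "clinic")   # the only cross-realm relationship allowed
    return policy
```

With public addresses the neighbour's camera can reach the NAS at the network level, so only the explicit realm and service checks keep it out; in the legacy model the same boundary was an accident of the subnet.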

Autonomous driving and smart roads are actually as fun as home networks, but for the opposite reason: here we are talking about something that does not exist yet, and the few tests and implementations, by all means, are not a serious example of what the interaction of IoT vehicles means.

the reality at the moment is simple:

•Cars do not talk to each other

•Cars do not talk to the road infrastructure

•Roads use sensors for a limited scope (traffic lights, street lights)

•Limited information is provided by broadband connectivity (such as radio traffic information where available)

•Internet connectivity is provided by the car's SIM or by a smartphone

•Some apps can connect to the internet and provide directions, as navigators do

•Some apps can provide autonomous analysis of traffic

•…

While in a 5G world:

•All vehicles are 5G connected

•Different car services interact with the road infrastructure

•Cars and car devices are equipped with 5G capabilities from different 5G providers

•They need to be bound to the owner or owners

•They need to recognize trustworthy information and data sources

•They need to interoperate independently of the 5G provider

•They need to keep covering the services even when crossing country borders

•…

With 5G the need for fast, reliable, ubiquitous and vendor/provider independent connectivity is clear.

Maybe we should expect virtual SIMs configured to comply with the driver's needs, but what if two or more people share the same car? And what kind of interaction with your smartphone and other smart devices?

Let's explore some considerations on the most slippery of the three examples, trying to move from LAN/WAN to 5G (the telcos' dream).

What we have today (more or less):

•There is an internal (LAN) and an outside

•Internal services are protected by firewalls and other security technologies

•Connectivity is provided through a NIC or Wi-Fi using the TCP/IP protocol, usually leveraging private addressing and NAT to reach outside resources

•Internal resources are accessible directly from inside, or through a web service/web interface from outside

•Resources external to the LAN are reached through the router/firewall after NAT and authentication/authorization

•Users external to the LAN connect to the internet through mobile broadband or through Wi-Fi

•To reach internal resources, external users are identified and connected to the LAN through a VPN or other secure means

•…

Do I really need to describe the current situation? lol 🙂

What would change with 5G?

•Almost all devices are 5G connected

•Connectivity is provided by different 5G providers and can be public (using public infrastructure) or private (the 5G infrastructure is local)

•Interoperability has to be guaranteed regardless of 5G provider or device manufacturer

•Interoperability has to be guaranteed with the previous LAN/Ethernet environment

•Segregation of the internal devices has to be guaranteed as in a LAN

•Security devices should be able to work seamlessly regardless of the hybrid LAN/5G environment

•Mobile users should be able to be part of the internal network for the services they use, even when using their own devices

•…

This scenario requires careful understanding, since we have all the security problems of a normal network implementation plus the fact that all devices can reach the internet directly and are directly exposed because of their addressing. Segmentation requires multiple levels, since some segments can be nested inside others (something like what we do today with VLANs), and all of this has to communicate with the legacy world, since an immediate takeover of LAN/WAN by 5G is not credible. Moreover, the whole legacy security world should be able to interoperate with the new one.

This kind of scenario fits a full cloud adoption, and is less agile with hybrid or fully local implementations.

Here security and privacy issues rise to the next level, since the disintegration of the concept of LAN, which started with the introduction of mobile users and BYOD, extends to almost every node, but with less clear control of what is going on.

5G security, if we understand some of the implications I mentioned before, embraces a far larger concept than what people generally think. Here we are not just thinking about how to secure an encrypted communication channel, which is, by the way, a clear basic requirement, but extending to how to broker, manage and control the services that run on 5G.

I do not have an easy answer to this. I have seen different proposals to address such problems, for example a central security service broker that takes into account all the requests and, according to rules, AI, magic and tricks, solves everything.

Of course, this service broker, hypervisor, or call it as you like, should be able to communicate with external entities, delegate part of its configuration to third parties and so on. We are entering the realm of NFV security (if of any interest you can read my post on “NFV network function virtualization security considerations“), with some more issues on top. And the attack surface is way wider than a simple “I cannot trust Chinese equipment”.

Time to go to sleep. If you read all this till here, thanks; comments are very welcome.

Antonio

On IoT I also wrote:

The IoT Files: Intro

The IoT Files: IoT and Security

The IoT Files – IoT and Privacy

The IoT Files – Infrastructure

The IoT Files – IoT Business Models

The IoT Files: Culture

The IoT Files: is a small OS good for security?

The IoT Files: The need for cryptography in IoT

mercoledì 6 novembre 2019

Please help me to share for my phishing friend sake

Ok, do you know those beautiful phishing emails claiming a bad guy hacked your email and took pictures or videos of you doing bad stuff?

I receive tons of them on my personal accounts, and usually I answer them asking to share the videos so I can publish them on my socials as well and become famous, rotfl. Alas, the bad guys never react…. (I know, I am so childish)

So let me share the last one with you:

Analyzing the headers I saw my friend sent the email from a Chinese address (how nice to be renowned in such a distant place). Well, this means it is not so advanced spoofing and he did not take over my account. Disappointing, but, hey, we cannot be too picky, can we?

Source IP Address 125.65.255.28
Source IP Hostname 28.255.65.125.broad.ls.sc.dynamic.163data.com.cn
Country China
State Sichuan
City Liangshan Yizu Zizhizhou
Zip Code undefined
Latitude 27.8816
Longitude 102.267
ISP Chinanet
Organization Chinanet SC
Threat Level high
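As an added example (my own code, not the post's), here is the same header check done in Python: it reads the oldest Received: hop to find the originating IP and reverse DNS name, notes that From: is simply the recipient's own address, and compares the origin host with the claimed sender domain. The header chain is constructed for the example; only the Chinanet IP and hostname come from the lookup above, every other hostname is made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the post): From: is the victim's own address,
# while the oldest Received: hop is the Chinanet host the post identified.
SAMPLE = """\
Received: from mx1.mailhost.invalid (mx1.mailhost.invalid [192.0.2.10])
    by imap.mailhost.invalid with ESMTP id x1; Sat, 2 Nov 2019 13:00:12 +0100
Received: from [125.65.255.28] (28.255.65.125.broad.ls.sc.dynamic.163data.com.cn [125.65.255.28])
    by mx1.mailhost.invalid with SMTP; Sat, 2 Nov 2019 13:00:10 +0100
Authentication-Results: mx1.mailhost.invalid; spf=fail smtp.mailfrom=ierano.it
From: "antonio.ierano@ierano.it" <antonio.ierano@ierano.it>
To: antonio.ierano@ierano.it
Subject: Security alert! Review the sign-in details.
"""

# "from <helo> (<rdns> [<ip>])" as most MTAs stamp a Received: hop
HOP = re.compile(r"from\s+\S+\s+\((\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")

def origin_hop(msg):
    """Relays prepend Received:, so the last one is nearest the real sender."""
    for hop in reversed(msg.get_all("Received") or []):
        m = HOP.search(" ".join(hop.split()))  # unfold continuation lines
        if m:
            return m.group(1), m.group(2)  # (rdns, ip)
    return None, None

def analyze(raw):
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    from_domain = from_addr.rpartition("@")[2]
    rdns, ip = origin_hop(msg)
    spf = re.search(r"spf=(\w+)", msg.get("Authentication-Results", ""))
    facts = {
        "from_equals_to": bool(from_addr) and from_addr == to_addr,
        "origin_ip": ip,
        "origin_rdns": rdns,
        "origin_in_from_domain": bool(rdns and rdns.endswith("." + from_domain)),
        "spf": spf.group(1) if spf else None,
        "reasons": [],
    }
    if facts["from_equals_to"]:
        facts["reasons"].append("From: is the recipient's own address (self-spoof)")
    if ip and not facts["origin_in_from_domain"]:
        facts["reasons"].append(f"origin {ip} ({rdns}) is not a {from_domain} host")
    if facts["spf"] == "fail":
        facts["reasons"].append("SPF failed for the claimed sender domain")
    return facts
```

For the sample it reports all three reasons, which is exactly why the "I sent this from your own account" claim falls apart.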

And here is the email; sorry, my email client is in Italian but the meaning should be clear, lol

“Da:” means “From:”

“A:” means “To:”

and

“Inviato:” means “Sent:”

—–Messaggio originale—–
Da: antonio.ierano@ierano.it <antonio.ierano@ierano.it>
Inviato: sabato 2 novembre 2019 13:00
A: antonio.ierano@ierano.itantonio.ierano@ierano.it
Oggetto: Security alert! Review the sign-in details.

Hello.

08/08/2019 – on this day I hacked your OS and got full access to your account antonio.ierano@ierano.it

You can check it – I sent this message from your account.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

This means that I have full access to your device and accounts. I’ve been watching you for a few months now.

The fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain.

Virus gives me full access and control of your devices.

This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware? answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.

With one click of the mouse, I can send this video to all your emails and contacts.

If you want to prevent this, transfer the amount of $762 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: 1Q2pVgd9YradB42risptr8tsydKrVDSD2A

After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay.

I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.

I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.


_____________________________________________________________________________

Now I want to be sure the guy understands I shared his email, so my videos will be shared as well and I will become famous. So please, can you share it as well? LoL

NOTE: I suppose my phishing friend would be delighted if you sent bitcoin to his/her/its address, lol

NOTE on NOTE

I was kidding

NOTE on NOTE on NOTE

Please do not let yourselves be fooled by those stupid scam attempts.