Review of “Anon” movie

In the spirit of a lighter fare this Sunday.

Watching Anon (again) it is an interesting futuristic movie with a video recording of everything. Apparently everyone has a recording method and Clive Owen the actor, playing Sal Frieland is an investigator that needs to find a murderer. Apparently there is a hacker that goes into other peoples recording devices to kill some people.  This hacker(a woman) also has no digital record.

<<<Lots of Anon spoilers here in this post.>>>

The digital recording of this hacker is apparently so good that digital recordings of this woman are edited out of the library. As Sal sees the woman on the street, later the image is removed from the record.  The main library seems to be hacked by this uber hacker.  As more and more actions occur Sal notices this anomaly  more frequently.

Apparently the hacker built an algorithm to erase all images and recordings of herself in all other people as they walked by and saw her.

The Uberhacker also can edit real life records and add moving images (a train) into events as they happen.

To catch the hacker Sal has to try and hire her .

Sal’s colleagues perform a sting operation and are able to find all of her proxies (12 of them) to handle  all of the ways she covers her tracks. The Uberhacker tries to have an anonymous life, and does not go out unless having to.

 

There is a lot of sex and violence(lesbian, regular) in this movie,  Shooting with a revolver point blank and the  hacker does not seem to have any remorse. Also the interesting thing is the victims do not defend themselves, as they have no guns or any other weapons.

Later the commissioner is more upset of the uberhacker anonymizing rather than the murders themselves. Quote” I don’t care the victims no longer exist” I care that she doesn’t.

Another colleague:” Anonymity is the enemy”, we have to find out how she does it.

 

Sal has to meet her again(uberhacker) and she explains that she started erasing her life at eighteen.  (more sec scenes)

— Stopped midway —

First thoughts, it is an interesting Sci-fi movie with some new ways of running the future using video embedded in all people.   It seems that sex and violence is too easy to insert in these movies. I wonder if there isn’t a better way to make a murder and investigation more interesting. Less blood and certainly less sex scenes might actually invoke more thoughts as to what could be happening.  Anyway it starts out ok, as a murder-investigation-hacking.

why is this important? Because movies sometimes become reality, ever heard of:” Life is stranger than fiction?”

—-

The tale gets a bit strange when Sal sleeps with the uberhacker. she of course now looks closer at Sal while deleting all the just created sex scenes.

But most interesting the guy who was keeping an eye on Sal (Lester) she killed him.

She then records a messge for him saying that if you try and find me I will kill you.

His other colleague came in and said that Sal let her escape and kill his buddy.

“Go home” take some time off.

When Sal is in his apartment uberhacker really goes to work, after he has a short conversation with her (via text) she now oroceeds to create a nightmare scenes for him, starting with a guy punching him, a dog attacking, and then she does something even worse by erasing all of Sal’s memories of his son’s accident and all memories of his son.

Now things really get interesting when Sal’s building is on fire (in his head only)

Then  she starts to add scenes where there is no traffic in a busy intersection. Which creates an accident.

Now his boss comes back to discuss the situation, and while he is in the neighborhood Sal gets arrested for shooting his neighbor and gets placed under house arrest.

Sal has to go outside and punch his overwatch agent with his eyes closed.

His boss said they will hire more hackers.

then as Sal finds the uberhackers apartment she claims that she did not kill Lester.

He claims the hacker was hacked, and his boss says you can’t prove this.

That is the problem – nothing proves anything since it can be manipulated.

Sal us placed under double house arrest now.

She placed a loop in his eyes while creating a false officer down, allowing Sal to get back to her apartment while noone is looking and following.

Except the hacker(Cyrus) that hacked the uberhacker was there too, once a shootout happens Sal kills Cyrus.

Sal’s boss was mad that the uberhacker was released.

uberhacker explains that she created an algorithm that creates microfractions of her life and stores it in everyones record. so that no one sees her.

Near the final scene uberhacker(Anon) explained this to Sal and said that the killer had to find him and her so that Sal could help her kill him. “That was close” says Sal.

What do you have to hide?  Anon said nothing in particular, I just don’t want to be seen.

So this movie makes an interesting twist of a standard murder mystery which happens to show corruption in the government and police forces (a recurring theme in many movies).

While also setting up an interesting Sci-fi  of the recording and hacking methods. Of course making a movie which pretends all of these things happened is easier than actually making a world that records everyone’s movements everywhere.

Thankfully we were not subjected to hours and hours of monotony in most people’s lives in this movie. Cooking and using lavatories were not important in a short movie that had to flip through the scenes quickly.  Besides the storage requirements for all, and the actual privacy  concerns of all seems to have been glossed over.

My most interesting point for this movie was when the bureaucrats decided it was better to control people than find out who performed blatant crimes. Also in this system they did not audit themselves, so the system was rife with corruption.

Auditing yourself may have its uses.

The Enemy Has Say With Your Best Plans

In the field of Cybersecurity we have to do a lot of basic things: as discussed in Behavioralscientist.org

So what is your plan?  Firewall, Antivirus, IT people vigilance, updating devices and software…

What are your enemies’ plans?

When your enemy actually interacts with your employees it  shows.

There are always business level threats (where employees are spoofed) or  (vendors are spoofed).

Do you have a new device with Machine Learning? (a basic type of AI (Artificial Intelligence).  Then the enemy will do something to counteract that.

Adversarial Machine Learning.  It will go against your ML goals, and will try to eventually corrupt your goals by adding faulty data and thus changing your assumptions of the data set.

Another way to use Adversarial Machine learning is to use this method to ‘teach’ your ML to get better  results. It turns out that some ways of GAN (Generative Adversarial Networks) do just that.

For Example:  “Adversarial Machine Learning at Scale” paper from Cornell University   First sentence:

“Adversarial examples are malicious inputs designed to fool machine learning models.”    

Improving the ML learning models if done right. This method has not been used by criminals, as they are still figuring out how to incorporate this in their attacks.

So they may not use this as an adversarial attack, instead they may devise ML attacks which will be hard to distinguish and will become better faster.

Ian Goodfellow (the guy who created GAN – Generative Adversarial Networks) has used the adversarial nature to make a better AI algorithm. Where has this already worked?  Initially he was looking for a Security reason within the AI world, and when he created GAN, it was obvious that he was making AI better.

Who would have known, but AI is creating new images of cats that are entirely  ‘fake’ or better ‘artificial’. the algorithm created a new type of cat picture where needed.

Meow Generator ML algorithms that design cat pictures.

So what does this really mean? Fake pictures of people, animals and other items will start to proliferate.

It remains to be seen how this aspect of AI is actually going to be useful.

Do you want to test ML for Cybersecurity?

We are developing new tests for AI and ML – contact US to discuss.

Malware, Routers Injected, Stolen Identities, Just Another Cyberday

A few headlines in a day or 2 – are typical day at the Cybersecurity Office.

 

Verizon Routers command injection flaw could impact millions of routers. High Severity flaw CVE=8.5.

“The vulnerabilities exist in the API backend of the Verizon Fios Quantum Gateway (G1100), which supports the administrative web interface.”

Exodus Spyware attacking Apple iOS. It is interesting what started as an Enterprise tool to do surveillance or some other control of the Apple devices was turned into spyware by the bad guys.

“Several technical details indicated that the software was likely the product of a well­-funded development effort and aimed at the lawful intercept market,” researchers said in an analysis shared with Threatpost

2.4 million Blur password manager users exposed   since a server exposed a file containing sensitive information about Blur users information (name, email, password hints, encrypted Blur password).

The hits just keep on coming. We are bound to have more data breaches this year 2019.

So what does it really mean? Is there a higher threat level today versus yesterday?

Here is the Internet Storm Center Infocon status:
Internet Storm Center Infocon Status
So even with more breaches the Internet still has a Green level…  This is the explanation of ISC:

“The intent of the ‘Infocon’ is to reflect changes in malicious traffic and the possibility of disrupted connectivity. In particular important is the concept of “Change”. Every host connected to the Internet is subject to some amount of traffic caused by worms and viruses. However, once a worm has been identified and the number of infected machines is no longer increasing, this traffic is not likely to cause any disruptions.”

But what does the effect of all of these breaches have?  I can hear the business people talking… None of these companies went out of business so why should I upend my business, spend a lot more money to do things more securely?

Do we always have to do things only to make more money? How about doing what it takes to make sure your customers do not have to spend time fixing their credit lives after a breach?

 

Remember even Windows10 has a lifecycle and will not update patches after a certain date:

Contact Us to discuss how to avoid getting a breach in the first place.

 

No Mas- Uncle!!! IT Departments Under Siege

We are inundated with constant headlines

Thousands and sometimes millions of records stolen by hackers(the bad guys).

In fact the worst breaches are health records as in this article at Forbes.

“The number of annual health data breaches increased 70% to 344 over the past seven years, with 75% of the breached, lost, or stolen records – 132 million – being breached by a “hacking or IT incident,” a nebulous category created by the government that doesn’t appear to distinguish malicious theft from accidental loss.”

The difficulty of people losing control of their health records has not been felt yet. What will happen when a ‘fake’ medical record already received your monthly pharmaceutical allotments?

The crush of constant attacks and patching environment in the IT department causes much stress.

We have monthly patch updates for operating systems (Microsoft Windows) and the underlying software (MS Office, Adobe, Java, Financial SW, Cisco and others).  The patches and vulnerabilities never end.

Next month there are new vulnerabilities and new ways that an attacker can achieve their aims.

Here is a snippet of the CVE Details website  

Since 1999, there have been 112364 vulnerabilities, sometimes 16k in one year. This is a huge crush of constant updates in the IT departments of the world.

There is only so much time to install patches, to make sure the servers and systems are operating. So sometimes we have to make risk assessments:

Every department has to decide which systems to fix first. Make the decision with Risk – Impact analysis. I.e. which system if compromised will create more problems than other systems.

This constant crush of patching is exacerbated the more systems one has. As systems are not standardized the patching gets more complicated and vulnerabilities pile up.

So why do i say No Mas(No more)? It is because there is no end to the tough schedules, there will always be off hours patching, and off-hours work. No matter your personal lives or otherwise issues that arise in a regular life.

Having someone check on whether your systems are properly patched can help, as the high vulnerabilities should be the highest priorities. from there the medium vulnerabilities should be tackled. For PCI compliance one must work and resolve any vulnerability over 4.0

Contact Us to discuss

Windows10 Obsolete already?

Is your Windows10 version obsolete already?  there are many versions of Windows10 and it depends on when it was released, example – the first one version 1507 released July 2015 has a end of service date of May 9, 2017.

The problem is every software manufacturer  Can’t or doesn’t keep releasing  vulnerability updates forever. The reason has to do with structural and other programmatic changes that would make some updates very difficult to incorporate. In fact in some cases it would be a herculean task to make changes, so it is a monetary and feasibility reason as to why there is and end of service date.

Now that you know that there is an “end” date what needs to be done?

Update to new version of Windows10!!!

Here is the lifecycle table for Windows10 versions from support.microsoft.com webpage

So as an IT user or professional we must learn the technical nature of our devices. Microsoft does not want to issue a version update like in years past:

I.e. version 3.0(1990) with first multi-task abilities, then 3.11 with networking. When 4.0  was due that became WindowsNT and 95.  As the marketing team took control of the naming of new Windows Operating systems the version changes(1.0/2.0/3.0/4.0) were not reflected in the names, only as an additional “version” number.

My version is relatively new (released April 2018), so I have until Nov 2019 until I _have_ to make a change.

Now Microsoft is at Windows10 and with a 4 digit version number.  The actual numbers do not have a significance except that it tells you when it was released and when it will have end of service life only if you look it up in a Microsoft End of Service Table.

There is another reason to keep a close eye on this End of service date, as once the version is obsolete, no more updates will be made and you are out of compliance with your systems.

At the Microsoft End of Service webpage there is an interesting sentence:

“Some editions1 can defer semi-annual feature updates at Settings  >Windows Update >Advanced options or via a policy that an organization’s management system may provide to the device. On devices that haven’t been configured for deferral, you’ll need to install the latest feature update to help keep your device secure and have it remain supported by Microsoft. New versions may be automatically installed prior to the end-of-service date of the current version on your device.

1 Home edition does not support the deferral of feature updates and will therefore typically receive a new version of Windows 10 prior to the end-of-service date shown.”

So in theory the windows Update will update the Windows version before it expires and no longer updates on its own. But for those of us in IT that have managed hundreds of systems, not all systems update correctly. You cannot assume all systems will updates on their own.

It is best to have someone review your systems which can be done in an automated fashion by scanning the systems. If an old Operating system is present the scan will reveal a high vulnerability (10 out of 10).

Since the system will not get any more updates, the system has to be initiated to upgrade.

Contact US to help you with this process