Blockchain, Cryptocurrency, Consensus tokens, Russia and AMS systems

tendenci cloud security monitoring

The headline is ridiculous. But I couldn’t make this up in my wildest dreams. Yes, cryptocurrency, blockchain, and association management systems (AMS) are all interconnected. And the primary connection is Russia.

Stay with me for a second, get a cup of coffee, and read on.

First cryptocurrency isn’t a thing. It’s two parts. I try to explain cryptocurrency like this:

  1. BlockChain = Clipboard with a piece of paper. You check stuff in and out until you are out of paper. Some clipboards have more sheets of paper than others.
  2. Scarcity – Scarce object = some mathematically difficult to produce number. Or controlled by an authority like the Private Federal Reserve in the US.

Picture a clip board. And you are checking in and out some token. That token only has value if it delivers value. And the best way to determine that is really a classic economics popularity contest.

Note: This author does a GREAT job of explaining concensus capital: https://medium.com/@tompocock/consensus-capital-part-1-dff72ba39a63

These are not tulips. Blockchain is a tech that will disrupt everything from how we do a Turn-Around at the Olefins units at LyondellBassell, to how BP manages wind farms, to how carfax will be disrupted by a VIN blockchain startup.

What does this have to do with Association Management Systems?

Believe it or not, they are intertwined. So be careful on your selection of crypto for smart contracts. I’d recommend looking at HyperLedger  (https://www.hyperledger.org/) as an alternative to Russian Bank backed by Dmitry Buterin and his son Vitalik’s Ethereum .  ( https://futurism.com/ethereums-founder-struck-a-deal-with-a-russian-bank-to-create-ethereum-russia/ )

Not everyone in the crypto community is fond of Ethereum and Russian owned AMS Wild Apricot, now Personify, even in the crypto community. ( https://medium.com/@rateico_32282/how-much-would-you-sell-your-homeland-the-secret-of-ethereums-success-748f0b763c62 )

 

If you can’t access the code, self host if you want, and export ALL of your data when you want, well, why not? Why does anyone in the NonProfit / NPO / NGO / Association Management space tolerate that in 2018? It is 2018, right?

If you signed up with a company where the deal was “too good to be true”…. um…. ya, think that one through again. They have to pay people, so they are either funded by someone, or they are selling your data.

YOU are part of the problem with InfoWars and Propaganda in the US. (is that too blunt? Nope.) For example: Wild Apricot / Personify.

Wild Apricot, Russia, AMS
25% of American Constituents in Russian Backed Wild Apricot

Ethereum is at least open source ( https://github.com/ethereum ) so you can view the code. With the exception of Tendenci ( https://www.tendenci.com ) and CiviCrm, ( https://civicrm.org/ ) most AMS vendors aren’t open,  not even ones created and financed by Russia and the Chief Apricot ( https://www.linkedin.com/in/chiefapricot/ ), who is also coincidentally the father of Vitalik himself ( https://twitter.com/VitalikButerin ).

On the plus side, after years of joking about it, for once we can legitimately blame Canada and their dual-citizenships.

We’re building a wall with Mexico and allowing Russian company’s interests to mine Uranium ( https://www.csmonitor.com/USA/Politics/2017/1114/What-s-the-real-story-behind-Hillary-Clinton-Russia-and-uranium ) in the US. And Russian programmers to control 25% (according to the Personify web site https://personifycorp.com/ ) of US Constituents like Washington’s League of Women Voters ( https://leagueofwomenvotersofwashington.wildapricot.org/issues ) .

And then we act surprised that Russia is meddling in our elections and knows know how to target voters.. Baroo?

These are strange times. But yes, Canada? I’m looking at YOU!

And as a reminder, as if y’all needed me to state this again, but we strongly encourage you to use an OPEN SOURCE solution with transparency. If it’s Tendenci, WordPress, Drupal, CiviCRM, Joomla,

Just please stand up for what’s right.

Demand access and transparency.

Tendenci is a movement.

Tendenci is a community committed to open association technology.

Global. Multilingual. Collaborative. Positive. Respectful of your privacy and functional at a level as you would expect from a product approaching 20 years old.

Marissa Mayer Testifies Russian Agents Behind 2013 Yahoo Attack

Marissa Mayer

Nov 8, 2017.  From the Reuters article regarding former CEO of Yahoo Marissa Mayer’s testimony before Congress:

WASHINGTON (Reuters) – Former Yahoo Chief Executive Marissa Mayer apologized on Wednesday for two massive data breaches at the internet company, blaming Russian agents for at least one of them, at a hearing on the growing number of cyber attacks on major U.S. companies.

Having spent the majority of the last three years doing almost exclusively InfoSec and Security on the Tendenci SaaS Cloud, not by choice but out of necessity, I do feel a bit of vindication as they confirm the facts. This is DATA people. Not opinion. I see it every day.
Tendenci has always kept logs, but never before have we had to have three (and sometimes four) sets of logs kept in different locations. Log verification, audit, cross references, searching through millions of logs DAILY. Just the expense … it’s frustrating for us in the security community for several reasons:
  1. We can’t talk fully openly about it for confidentiality reasons

  2. We sound kra-kra.

  3. When we do, everyone thinks we are crazy and it’s a conspiracy theory.

It turns out reality is like an idiom, what everyone initially thought was wrong and like so many other things, people get silenced. That shit Cray . Oh, and that reference doesn’t mean what you think it means either. Because Jay-Z is smart as f*ck and he is making a damn point.

All I can say is … what he said. Because THIS shit is Cray.

By World Economic Forum – “An insight, an idea: Marissa Mayer” at Flickr, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=24851211

NSA tools release to Dark Web Date 2014 (likely earlier imho)

Kaspersky tools removal update. But keep reading – it gets better:

http://www.mcclatchydc.com/news/politics-government/congress/article180707721.html

Now for the punchline – They’ve documented that Kaspersky, a Russian company close to Putin, was hacked by Israel. Kaspersky security researchers have confirmed the NSA hacking tools existence when they discovered it in the spring of 2014. The article;

http://www.businessinsider.com/russia-kaspersky-lab-nsa-spy-us-computer-2017-10

In a statement, the company (Kaspersky) said it stumbled on the (NSA) code a year earlier than the recent newspaper reports had it (ed: Comey stated summer 2015), in 2014. It said logs showed that the consumer version of Kaspersky’s popular product had been analyzing questionable software from a U.S. computer and found a zip file that was flagged as malicious.

And it further states, again from the article:

Kaspersky’s Equation Group report was one of its most celebrated findings, since it indicated that the group could infect firmware on most computers. That gave the NSA almost undetectable presence.

Kaspersky later responded via email to a question by Reuters to confirm that the company had first discovered the so-called Equation Group programs in the spring of 2014.

So a Russian antivirus software found a zip file with NSA hacking tools in 2014. Hacking tools that target Microsoft and other business software, again, in the Spring of 2014. Confirmed by Israeli Security researchers who hacked Kaspersky.

Now, what they found was a compressed, portable, easily emailed or traded via email even as nobody else had the signatures to detect. A zip file.

A zip file.

For those unfamiliar with the industry, by the time an exploit is being traded in a 7 z it’s long been in the wild. That is the commodity phase of the economic curve.

The economics of the dark web have been researched and are well documented (hint: look at DEFCON and Blackhat presos from a few years back.)

If you are a reporter or security researcher – keep digging. Basic economics say it had to have been being traded early 2013 for high bids with a quick pricing decline as is typical with shrink wrap software.

It remained unpatched. Every company using common business software was, and probably still is, an open book. A trivial metasploit script and your movies, your directional drilling tech, your seismic data, patents, medical history, your porn habit, email, fb, you name it, was and probably still is wide open.

Bottom line: My opinin is the timeline of the NSA hacking tools being released is 2013. If not earlier. (But I’ll stick with my mid-2013 estimated release to the wildebeasts estimate.) NSA let them into the wild as discovered by Russians (current media puts this at 2014) who were then hacked by our allies Israel. Israel then reported this to the US.

And we did nothing. Think about it.

Just add that up and you get Russia hacking US companies and associations using our own tools paid for by YOU. NSA hacking tools discovered and reported to the US by our allies in Israel. 2014 or earlier.

What did NOT happen was responsible reporting to vendors like Microsoft who only patched it when the Shadow Brokers released it on github in 2017.  Thus from 2014 (or earlier), our allies, our foes, and our own security agencies did nothing to protect US intellectual property, infrastructure, companies, jobs, and people.

Noodle that one.

…. this story will continue to unfold. And if you are an investigative journalist, maybe ask around the community politely regarding who’s zoo had the code and when.

Update;  http://www.theregister.co.uk/2017/10/25/kaspersky_nsa_keygen_backdoor_office/