Friday Squid Blogging: Squid Product Recall

Lidl is recalling two of its packaged squid products because of the presence of struvite salt crystals.

The danger is unclear. The article says that struvite crystals "may be mistaken as glass fragments," which isn't actually dangerous. It also says: "As these salt crystals may cause injury, the product should not be consumed." Maybe it's the intestinal tract that mistakes the crystals for glass.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on November 3, 2017 at 4:12 PM • 79 Comments

Comments

AJWM • November 3, 2017 4:50 PM

From Wikipedia: "Struvite is occasionally found in canned seafood, where its appearance is that of small glass slivers, objectionable to consumers for aesthetic reasons but of no health consequence.[5] A simple test can differentiate Struvite from glass.[6]"

It's only slightly soluble, except in acidic solutions where it's very soluble.

Corsaro_cs001 • November 3, 2017 5:57 PM

Tor Browser 7.0.9 is released

https://blog.torproject.org/tor-browser-709-released

This release features an important security update to Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails users and users of our sandboxed-tor-browser are unaffected, though.

Mike Amling • November 3, 2017 11:06 PM

ISTR that a symmetric cipher's key is as impervious to a quantum computer as a key of half its length is impervious to an ordinary computer.

What's the quantum computing impact on finding a discrete log and on finding an Elliptic Curve discrete log?

Tatütata • November 3, 2017 11:31 PM

Am J Public Health (NY). 1927 May; 17(5): 470–475.
PUBLIC HEALTH ASPECTS OF FOOD PRESERVATION
Carl R. Fellers, Ph.D., Fellow A.P.H.A
PMCID: PMC1321786

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1321786/

Struvite crystals (magnesium ammonium phosphate) have been found rather commonly in canned shrimp, crab and salmon. In a number of instances these hard gritty masses have been mistaken for glass. The substance is entirely harmless and appears to be a natural constituent of some canned foods.

Montecarlo • November 4, 2017 6:01 AM

So struvite crystals aren't a health risk and the recall is a form of security theatre. One form of theatre is to over-react to imaginary threats, giving the impression of extreme diligence.

Another form of theatre is to underplay real threats. For example, 'recalled due to struvite' sounds more innocuous than 'recalled due to botulism'.

Or maybe this is just an example of viral marketing. Companies may start to recall products for ever more spurious reasons just to grab consumer attention. This could eventually lead to products being recalled for being 'dangerous to the competition'.

Alejandro • November 4, 2017 7:04 AM

@Anders

Re: Estonia ID Card certificate hack

Estonia is a small country with a population of just over one million and similar to San Antonio or San Diego, yet it is a leader of electronic technology, in particular at the government level.

Suspending all ID cards with defective certificates, which seems to include about most all of the adult population seems like a drastic move, but is typical for their light footed government and vision.

I think it's admirable.

Anders • November 4, 2017 7:20 AM

@Alejandro

This move would be appropriate if ID card update to the ECC would work like a clockwork. In reality everything is just an opposite - servers are heavily overloaded, people try numerous times to update their ID cards online (read - 70 times, 100 times etc without luck), they brick their ID cards because the update process halts (overloaded servers, dropped connections), then people must go in person to the Police service bureaus, they stand there hours and hours, then they get the message that systems don't work, go home.

Moreover - lot of services don't work with the new ECC keys.

People are angry as hell. You can see from the gallery how people stand in queues.

http://www.delfi.ee/news/paevauudised/eesti/politsei-kutsub-programm-tootab-jalle-jarjekorrad-on-luhikesed-tulge-nuud-id-kaarte-uuendama?id=80062010

http://www.delfi.ee/news/paevauudised/eesti/fotod-rahvast-on-tabanud-id-kaardi-paanika-ppa-kontorite-uste-ees-oli-70-80-meetri-pikkune-jarjekord-ootavatest-inimestest?id=80061342

Alejandro • November 4, 2017 9:02 AM

@Anders

Yes, you are right:

"This is a nice example how some little thing can effectively bring down the whole e-way of living cutting people out of it...."

Cutting edge technology doesn't always work because it's.... new...and untried.

They will get it straightened out and be way ahead of everyone else in the long run. The current frustration is understandable, however.

Alejandro • November 4, 2017 10:08 AM

Canadians have cyber security issues too as reported by Brian Krebs.....

"For the second time in as many years, hackers have compromised Verticalscope.com, a Canadian company that manages hundreds of popular Web discussion forums totaling more than 45 million user accounts."

The worst part is: the data is already for sale if you know where to look. Yuk.

Krebs offered:

"In practice, there’s no reason people should ever re-use the same password. Password managers can help users pick and remember unique, strong passwords for all sites that require a login; all the user needs to do is remember a single “master password” to unlock all the others."

Mr. Krebs recommended Keepass and Password Safe (PwdSafe).

Password Safe should sound familiar to a few folks here, as Bruce Schneier created it.

Re: Canadian hack: https://krebsonsecurity.com/2017/11/2nd-breach-at-verticalscope-impacts/#more-41365

Link to Password Safe: https://pwsafe.org/

Anders • November 4, 2017 10:22 AM

@Alejandro

"Cutting edge technology doesn't always work because it's.... new...and untried."

Sorry but neither RSA nor PKI nor smart cards are very cutting edge technology, they are around us for ages already. RSA still holds up nicely if properly implemented. Problem here is that you build up the whole infrastructure just based on trust, it has single point of failure and when (really when, not if) it fails, everything collapses.

With cryptography the issue is always when, not if. And as we see now, all government agencies were unprepared for this, no backup plans, nothing. Zero.

Probably after X years we will learn that the ECC is also "tampered" by some nice three-letter agency so we will have the ACT 2 of the play.

albert • November 4, 2017 1:58 PM


"Why is a pun like the fluid in a snakes eye?"

Answer in the next Squid Blog.....

. .. . .. --- ....

A Nonny Bunny • November 4, 2017 2:56 PM

@Mike Amling

"What's the quantum computing impact on finding a discrete log and on finding an Elliptic Curve discrete log?"

As I understand it, there is a general quantum computing algorithm to reduce a search space from N^2 to N. But for some applications, like e.g. prime factorization there are better algorithms. There isn't (yet) a better algorithm known for discrete logs afaik, but neither any proof there isn't one. So for now doubling keysize (squaring the search space) seems good enough, but we don't really know what the future may bring.

handle_x • November 4, 2017 4:08 PM

The wisdom of the crowd prevails again I see.

Unless you enjoy severe pain for no good reason, struvite consumption is unwise.

I'm sure the anti-regula-shun types will disagree but I think avoidable issues are avoidable for a reason.


From the wiki https://en.wikipedia.org/wiki/Struvite

Struvite kidney stones

Struvite precipitates in alkaline urine, forming kidney stones. Struvite is the most common mineral found in urinary tract stones in dogs,[7] and is found also in urinary tract stones of cats and humans. Struvite stones are potentiated by bacterial infection that hydrolyzes urea to ammonium and raises urine pH to neutral or alkaline values. Urea-splitting organisms include Proteus, Pseudomonas, Klebsiella, Staphylococcus, and Mycoplasma.

Even in the absence of infection, accumulation of struvite crystals in the urinary bladder is a problem frequently seen in housecats, with symptoms including difficulty urinating (which may be mistaken for constipation) or blood in the urine (hematuria). The protein cauxin, a protein excreted in large amounts in cat urine that acts to produce a feline pheromone, has recently been found to cause nucleation of struvite crystals in a model system containing the ions necessary to form struvite. This may explain some of the excess struvite production in domestic cats.[8] In the past, surgery has been required to remove struvite uroliths in cats; today, special acidifying low magnesium diets may be used to dissolve sterile struvite stones.[9]
Upper urinary tract stones that involve the renal pelvis and extend into at least 2 calyces are classified as staghorn calculi. Although all types of urinary stones can potentially form staghorn calculi, approximately 75% are composed of a struvite-carbonate-apatite matrix.

Wael • November 4, 2017 7:14 PM

@Anders,

On Fridays our host creates this thread so we post security news that he may have missed. @Bruce is fascinated by Squids, so he called it the squid post. That's the limit of my knowledge. I'm not sure if he eats calamari!

malindali406@aol.com • November 4, 2017 10:07 PM

@ Tic Tac Tow

Wow, the Zeus Panda banking Trojan is highly complex and flexible. It even uses Google search results to target people. It is somewhat like a busted NSAer turned hacker for hire or the like.

'A malicious “Swiss Army Knife” from Eastern Europe'

"What makes Panda so exceptional other than the evasion mechanisms and quality of the workmanship that went into it, is its versatility. While ZeuS Panda is first and foremost a Banking Trojan, it is also capable of stealing other types of data from a system. This also includes clipboard contents (i.e. what you have copied in a file in order to paste it somewhere else – password managers often make use of the clipboard when transferring data from the password manager to an application / website), making screen shots and providing a full-on backdoor into a system using VNC. The latter would be the same as if you had someone sitting behind you and looking over your shoulder 24/7... There are very clear indications as to ZeuS Panda’s origin: the malware will not run if it detects that the system is based either in Russia, The Ukraine, Belarus or Kazakhstan."- G Data

https://www.gdatasoftware.com/blog/2017/08/29928-analysis-zeus-panda

complete blog:

https://cyber.wtf/2017/03/13/zeus-panda-webinjects-dont-trust-your-eyes/

https://cyber.wtf/2017/02/03/zeus-panda-webinjects-a-case-study/

Talos Intelligence Group

http://blog.talosintelligence.com/2017/11/zeus-panda-campaign.html

I wonder if changing your system location setting to Russia would prevent the trojan?

Rachel • November 5, 2017 12:08 AM

Clive

Sincerely wishing you comfort, ease, fulfillment, joy, warmth, mirth, silliness, rapid healing and a rapid trip home with strict instructions never to return as hospitals are for sick people!

Ergo Sum • November 5, 2017 6:33 AM

@Alejandro...

Quote from your link...

"Mr. Krebs recommended Keepass and Password Safe (PwdSafe)."

Both of the password managers have local, instead of cloud-based database. Coincidence? Maybe not....

I have been using Password safe for a long time, but...

Other than the fact that each account having a different password, there isn't much benefit for strong password in cases of stolen account credentials. Knowing how weak some password hashes are at some sites, if they encrypted at all, getting the plain text passwords out of the hacked database seems trivial nowadays. In which case, the only "benefit" for the strong password is that the end user cannot login without the password manager.

In my view, this is one of the reasons why people don't really care much about password, especially for disposable email, forum, etc., accounts.

handle_x • November 5, 2017 9:44 AM

" In which case, the only "benefit" for the strong password is that the end user cannot login without the password manager. "

You don't need to go to a full 64-char #N@#JK$N@#&*C type C# looking memory disaster.

"F4cebook h4rvests pr1vacy s0 g1ve 4ccordingly" - Will not be brute forced by old age.

I'd trust a post-it note with a clue before I'd trust some dumpable 3rd party plugin interface - Most if not all of the major pw managers have been breached in the last 3 years.

And if you're not using a major one then who the hell knows what's going on...


JG4 • November 5, 2017 5:57 PM


John Robb published this

The Coming Urban Terror
http://www.nationalreview.com/article/453420/urban-terror-cities-uniquely-vulnerable-21st-century

rather timely given the latest tragedy in the US. the urban terror has been here for a while.

I didn't notice that anyone connected the dots from Nick P.'s comments last weekend, with links to the high assurance platform sponsored by the spooks, to the open innovation in system verification at SRI International. It took a couple of links to get there, but it was worth the trip. I've been meaning to post the relevant links, but they're easy to find.

handle_x • November 5, 2017 7:56 PM

India has MILLIONS of people, 25% of the total people who died, die of pollution related causes annually.

A shooting of 26 people in Texas just now occurred, in a church.

Urban terrorism is a statistical aberration by comparison to cheeseburgers or cars.

Are we not distracted from the real threats to our existence?

ASTEROIDS! :O

You know they just wait until we're distracted. Basteroids!

Gunter Königsmann • November 6, 2017 12:23 AM

@anders: in Germany Google is known as "Datenkrake": A kraken that uses all its 8 arms for prey - which happens to be data. I always think of the squid post as being about slightly similar animals.

Having said that: 2-3 years ago I daily got E-Mails containing only groups of four letters. Each day from a different hotel, restaurant or other typical place that looks like being easy-to-hijack for spam mail. These mails have returned. Only they now contain groups of seven letters. One example would be:

ysdihwh ejroqcr iysyqch afvufbd eysukjf alvyhjx

Does anyone know what that means? The message is long enough to contain the address of a c&c server plus a checksum. But it can mean other things, as well, of course.

Herman • November 6, 2017 3:15 AM

"Only they now contain groups of seven letters. One example would be:

ysdihwh ejroqcr iysyqch afvufbd eysukjf alvyhjx"

These must be numbers messages sent out to sleeping Soviet KGB spooks who didn't get the memo when the USSR collapsed in 1991. They are trying to bring the spies in from the cold before they die of old age.

albert • November 6, 2017 9:49 AM

@Gunter Königsmann,

Were the four character messages ACGT combinations?

It could be gaslighting...

. .. . .. --- ....

Gunter Königsmann • November 6, 2017 12:25 PM

They seem to have higher information density than the ASCII representation of DNA, but less than 7plus. Another one read:

oqhiwpm arcecwc axxazvr atsyhpd arkibbr actupbk

Some characters seem to be less frequent than others, though. Perhaps that is due to the lack of a large enough statistical sample. Or someone is just trying to type random characters.
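Added example, not part of the comment thread: the information-density estimate discussed above, run over the two quoted messages. It compares per-letter Shannon entropy with the 2 bits per character of a four-letter DNA alphabet and with what uniformly random typing produces at the same length; the function names, trial count and seed are choices made for this example.

```python
import math
import random
import statistics
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz"

# The two messages quoted in the comments above.
SAMPLES = [
    "ysdihwh ejroqcr iysyqch afvufbd eysukjf alvyhjx",
    "oqhiwpm arcecwc axxazvr atsyhpd arkibbr actupbk",
]


def letters(message):
    """Drop spaces and anything else outside a-z."""
    return [ch for ch in message.lower() if ch in ALPHABET]


def entropy_bits(seq):
    """Plug-in (maximum-likelihood) Shannon entropy in bits per symbol."""
    n = len(seq)
    return -sum(c / n * math.log2(c / n) for c in Counter(seq).values())


def uniform_baseline(n, trials=2000, seed=1):
    """What n letters typed uniformly at random look like.

    The plug-in estimate is biased low for short samples, so the fair
    comparison is this simulated baseline, not log2(26).
    trials and seed are arbitrary choices for this example.
    """
    rng = random.Random(seed)
    runs = [rng.choices(ALPHABET, k=n) for _ in range(trials)]
    entropies = [entropy_bits(run) for run in runs]
    return {
        "mean_entropy": statistics.mean(entropies),
        "sd_entropy": statistics.stdev(entropies),
        "mean_distinct": statistics.mean(len(set(run)) for run in runs),
    }


def analyse(message):
    seq = letters(message)
    base = uniform_baseline(len(seq))
    h = entropy_bits(seq)
    return {
        "letters": len(seq),
        "distinct": len(set(seq)),
        "most_common": Counter(seq).most_common(1)[0],
        "entropy": h,
        "dna_ceiling": math.log2(4),                 # A, C, G, T
        "alphabet_ceiling": math.log2(len(ALPHABET)),
        "baseline": base,
        # Distance from random typing, in standard deviations.
        "z_score": (h - base["mean_entropy"]) / base["sd_entropy"],
    }


if __name__ == "__main__":
    for msg in SAMPLES:
        r = analyse(msg)
        print(f"{msg}\n  letters={r['letters']} distinct={r['distinct']} "
              f"entropy={r['entropy']:.3f} bits/letter "
              f"(random baseline {r['baseline']['mean_entropy']:.3f} "
              f"+/- {r['baseline']['sd_entropy']:.3f}, z={r['z_score']:+.2f})")
```

At 42 letters per message both samples sit close to the random-typing baseline, which is what the small-sample caveat predicts; many more messages would be needed to tell structured data from noise.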

Gunter Königsmann • November 6, 2017 12:33 PM

Cool idea!
But they seemed to have a higher information density than the ASCII representation of DNA.

Sounds like a J. G. Ballard-style SciFi theme: sending real viruses per spam and looking if someone collects enough data to recognize...

Anura • November 6, 2017 1:51 PM

Does any one know if any work has been done on concepts for type-safe terminals? Not necessarily as a drop-in alternative to existing terminals, but a different way of doing things entirely. I really hate the traditional text-based arguments for functions; parsing free-form text is the root of all evil.

It seems to me that if you had the terminal recognize, let's say, a certificate object, and the certificate constructor then you could use a generic terminal interface for configuring the certificate object and passing it to a signing utility function without the use of a specifically-designed executable (e.g. without the need for the openssl utility itself).

I thought about this when considering the problem of file permissions. Certain utilities that save files (e.g. text editors) are limited in terms of app-based file permissions because they need to be able to open and save any arbitrary file. However, with a type-safe command line you can have a parameter that takes a file, rather than a path, and allow a utility access only to files that were explicitly passed to it.

You can use function attributes both to define which functions are designed to be used as a utility or config, and to specify the help information. You would be able to just as easily build a GUI on top of those functions as well. Hypothetically, you could have an OS where every application is just a function in a shared library.
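Added example, not part of the comment thread: a minimal model of the idea described above, in which utilities are plain functions with typed parameters and the terminal, not the utility, turns the user's input into open file handles. `Terminal`, `utility`, `ReadableFile` and `WritableFile` are hypothetical names, and because everything runs in one Python process nothing here stops a utility from calling `open()` itself; real enforcement would have to come from the operating system.

```python
import inspect
import io
import os
import tempfile


# Hypothetical parameter types. The terminal converts what the user typed
# into one of these, so a utility never receives a raw path.
class ReadableFile:
    """Terminal opens the named file read-only and passes the handle."""


class WritableFile:
    """Terminal creates or truncates the named file and passes the handle."""


FILE_MODES = {ReadableFile: "rb", WritableFile: "wb"}
UTILITIES = {}  # name -> function exposed at the prompt


def utility(help_text):
    """Function attribute: marks a function as a utility and stores its help."""
    def register(fn):
        fn.help_text = help_text
        UTILITIES[fn.__name__] = fn
        return fn
    return register


class Terminal:
    def help(self, name):
        fn = UTILITIES[name]
        params = inspect.signature(fn).parameters.values()
        sig = ", ".join(f"{p.name}: {p.annotation.__name__}" for p in params)
        return f"{name}({sig}) - {fn.help_text}"

    def run(self, name, **raw):
        fn = UTILITIES[name]
        params = inspect.signature(fn).parameters
        if set(raw) != set(params):
            raise TypeError(f"{name} takes exactly: {', '.join(params)}")
        typed, opened = {}, []
        # Pass 1: convert scalars first, so a bad argument is rejected
        # before any file is opened or truncated.
        for pname, p in params.items():
            if p.annotation in (int, str):
                typed[pname] = p.annotation(raw[pname])
            elif p.annotation not in FILE_MODES:
                raise TypeError(f"{name}.{pname}: unsupported parameter type")
        # Pass 2: the terminal opens exactly the files the user named.
        try:
            for pname, p in params.items():
                if p.annotation in FILE_MODES:
                    fh = open(raw[pname], FILE_MODES[p.annotation])
                    opened.append(fh)
                    typed[pname] = fh
            return fn(**typed)
        finally:
            for fh in opened:
                fh.close()


@utility("Count the lines in a file")
def count_lines(src: ReadableFile):
    return sum(1 for _ in src)


@utility("Copy the first n lines of src to dst")
def head(src: ReadableFile, dst: WritableFile, n: int):
    copied = 0
    for line in src:
        if copied == n:
            break
        dst.write(line)
        copied += 1
    return copied


@utility("Misbehaving utility: tries to modify its input")
def tamper(src: ReadableFile):
    src.write(b"overwritten")


def demo():
    term, out = Terminal(), {}
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "notes.txt"), os.path.join(d, "out.txt")
        with open(src, "wb") as fh:          # constructed sample input
            fh.write(b"one\ntwo\nthree\n")
        out["lines"] = term.run("count_lines", src=src)
        out["copied"] = term.run("head", src=src, dst=dst, n="2")
        try:                                  # not an int: rejected in pass 1
            term.run("head", src=src, dst=dst, n="two")
        except ValueError:
            out["bad_int"] = "rejected"
        with open(dst, "rb") as fh:           # still intact after the bad call
            out["out"] = fh.read()
        try:                                  # read-only handle refuses writes
            term.run("tamper", src=src)
        except io.UnsupportedOperation:
            out["tamper"] = "rejected"
        with open(src, "rb") as fh:
            out["src_intact"] = fh.read() == b"one\ntwo\nthree\n"
    return out


if __name__ == "__main__":
    print(Terminal().help("head"))
    print(demo())
```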

Ratio • November 6, 2017 9:21 PM

More information on the Khan Shaykhun sarin attack from the Seventh report of the Organisation for the Prohibition of Chemical Weapons-United Nations Joint Investigative Mechanism (S/2017/904):

46. With respect to identifying those responsible, the Leadership Panel has determined that the information that it has obtained constitutes sufficient credible and reliable evidence of the following:

(a) Aircraft dropped munitions over Khan Shaykhun between 0630 and 0700 hours on 4 April 2017;

(b) An aircraft of the Syrian Arab Republic was in the immediate vicinity of Khan Shaykhun between 0630 and 0700 hours on 4 April 2017;

(c) The crater from which the sarin emanated was created on the morning of 4 April 2017;

(d) The crater was caused by the impact of an aerial bomb travelling at high velocity;

(e) A large number of people were affected by sarin between 0630 and 0700 hours on the morning of 4 April 2017;

(f) The number of persons affected by the release of sarin on 4 April 2017, and the fact that sarin reportedly continued to be present at the site of the crater 10 days after the incident, indicate that a large amount of sarin was likely released, which is consistent with its being dispersed through a chemical aerial bomb;

(g) The symptoms of victims and their medical treatment, as well as the scale of the incident, are consistent with a large-scale intoxication of sarin;

(h) The sarin identified in the samples taken from Khan Shaykhun was found to have most likely been made with a precursor (DF) from the original stockpile of the Syrian Arab Republic;

(i) The irregularities described in annex II are not of such a nature as to call into question the aforementioned findings.

On the basis of the foregoing, the Leadership Panel is confident that the Syrian Arab Republic is responsible for the release of sarin at Khan Shaykhun on 4 April 2017. The findings of the Leadership Panel regarding the evidence in this case are based on the information set forth in detail in annex II.

Previous comment on the Report of the Independent International Commission of Inquiry on the Syrian Arab Republic (A/HRC/36/55).

(This is clearly bogus. I think I'll wait and see what Very Serious Expert Seymour Hersh has to say. Or Russia. They always have such perfectly reasonable explanations. For example, I'm sure this two-week-old item just describes a series of regrettable kayaking and camping incidents in the lush Syrian forests that happened to involve some very unfortunate Russian ecotourists.)

Wael • November 6, 2017 9:56 PM

@Anura,

"Does any one know if any work has been done on concepts for type-safe terminals?"

Not sure I quite understand, but I'll take a stab; ABAC could be used for that. The operating system (Capability-based, for example) has to enforce such behavior, not the application. Perhaps a few more examples can help?

Wael • November 7, 2017 7:34 AM

@Anders,

Another one is falling...

This is significant news! I wouldn't be surprised if this has been exploited by manufacturers and TLA alike for some time. Manufacturers get visibility into IP and TLAs inserting backdoors if the manufacturer wasn't "cooperating" or out of their "jurisdiction". It's a vector of subversion. What were you saying @RobertT a while back? ;)

P1735 uses one-time session keys and public-private key pairs to encrypt designs in transit and at rest. However, how the standard keeps a blueprint out of the hands of a miscreant once the design is decrypted in memory by the engineering toolchain for processing is unclear...
-- The Register

That's what I thought would be the weakest link. Until this news surfaced! Doesn't look like P1735 went through proper Cryptanalysis.

Clive Robinson • November 7, 2017 4:23 PM

@ Rachel,

"... and a rapid trip home with strict instructions never to return as hospitals are for sick people!"

Sadly yes.

The ward I was on there was an interesting chap in his 80's who had been an engineer and I'd got chatting with. Unfortunately he caught MRSA, so they moved him into an isolation side ward. As he walked past my bed, we swapped a couple of jokes and had a little bet on who would escape first. Sadly a few hours later he died.

Wael • November 7, 2017 5:05 PM

@Clive Robinson, @Rachel,

"Sadly a few hours later he died."

So he escaped first! How are you gonna collect your bet? At least he got recycled with a smile :)

Sancho_P • November 7, 2017 5:40 PM

@Ratio

Bogus? It’s always fascinating how a bunch of people waste their time and money to collect facts and evidence, present them in painstaking clearness - and then, finally, when we all got tired from agreeing, take a far jump to the most unlikely conclusion and close the book.

OK, it did not happen OR the Syrian Arab Republic (=Assad) did it, that’s 0/1 simple.

Ratio • November 7, 2017 7:53 PM

@Sancho_P,

"Bogus?"

And there I was, thinking I was overdoing the parenthetical satire… ;-)

(But seriously, start with the links I gave in my previous comment and read about Khan Shaykhun. Then read what Seymour Hersh has said and written, without retraction to this day AFAICT. For bonus points, follow the story I linked to about the award he was given, make a note of the people involved in that whole episode, and try to spot who they're allying with on this issue—some of them are kinda hard to miss. Ask yourself why they might be doing that, for even more bonus points. Finally, see what has been coming out of the Russian camp, which is about as believable as my narrative about ecotourism, and how that ties into all of this.)

K15 • November 8, 2017 12:11 AM

Clive, what had the gentleman worked on?

And if we think we see a security vulnerability in a company in an industry other than finance, there is still no standard way to report it, is that correct?

Clive Robinson • November 8, 2017 5:02 AM

Worried about struvite

As noted at the top of this blog page,

"A simple test can differentiate Struvite from glass."

You can do it at home in a minute or two,

First put the kettle on. Second find a microwave proof glass container like a small Pyrex jug. Put the suspect crystals in the jug and add 15ml or so of clear spirit vinegar or lemon juice to it and when the kettle has boiled add about twice that amount of boiling water. Make a pot of tea with the rest of the boiling water and pop the jug of liquid and Struvite to the microwave at medium low just enough to keep it just boiling. After a short while the tea will have brewed, and if it is Struvite not glass then it will have gone into solution in the hot acidic solution (which is the most likely result of the test).

Thus happy it's not glass make a cup of tea and let it stand whilst you make the sarni or salad you were going to make with the canned seafood, and enjoy a quiet lunch with your cupper...

There is a faster test but it's not as certain. If you look at the suspect substance under a magnifying glass Struvite will tend to look like regular needle like crystals with edges forming straight lines. Glass on the other hand will tend to be irregular in shape and edges.

As for the product recall it's "Offensive PR" as opposed to "Defensive PR" and thus saves costs and reputation. The few who find the crystals are going to get a refund and also those worried about it. The press will not have a "bad news story" and life will go on as normal. Further any press arising will thus be more like free brand promotion.

Back a few years ago in the UK we had the "Nedy Burger" scare, where horse meat got into the likes of beefburgers and pasta meals. As I pointed out to the shop assistant when I carried on buying them the horse meat was actually safe to eat and actually healthier due to lower fats etc than beef. She looked surprised and I told her that in Europe horse meat was considered the same as beef or venison and was quite commonly eaten as salamis and sausages. I decided not to tell her that in some places parts of male horse like that of deer were considered much as certain seafoods do, to have aphrodisiac properties (look up "pizzle" and "Chinese medicine" if you want to know more).

Rachel • November 8, 2017 5:31 AM

mr pipe
yes the assurances were merely 'the staff are specially trained'
(facebook receiving naked pictures to hash)

Rachel • November 8, 2017 5:36 AM

Clive

I have been advised, if one has MRSA the best thing to do is avoid hospital- it's a death sentence.
no fresh air, no sunlight, sugary food and antibiotics- all things that propagate MRSA growth
( the latter by diminishing the organism without overcoming the Staph)
plus doctors that apparently don't wash their hands enough

Sancho_P • November 8, 2017 5:55 PM

@Ratio

Nah, wait, I have absolutely no knowledge what happened (only I do not believe that a considerable amount of sarin could be produced by exploding some nearby chemicals), and I’m not interested in any such speculations.

But to jump from the “fact” to the “will” of any suspect (and strangely here: Assad, with contrary motives) is too much for my simple mind.
I guess to know which kind of people handle warfare there (but haven’t been there since years, I apologize in case I’m wrong).

tyr • November 8, 2017 7:20 PM


@Clive

OT

How about a rundown on the Patel story while
I fix some popcorn?

MRSA makes me cringe everytime I have to enter
a hospital these days. I recall that the doctor
who wanted people to wash their hands to save
birthing mothers finally committed suicide in
despair because they ignored his advice.

The worm stuff we use on horses is bad news to
eat since it never goes away. In the olde dayes
horsemeat was usually better than beef in many
ways. The publication of Black Beauty which
presented a horse as a maiden aunt removed it
from the diet of folk who function through
ignorance. Makes it hard to get a horse pizzle
sandwich in USA these days.

Bill Binney is back in the spotlight and as
usual being castigated by the ignorant for
presenting the facts he is sure of. I doubt
Pompeo was thrilled by Trump forcing him to
meet with Binney.

The middle east gets more interesting every
day. I don't think in a good way either.

Wishing you well.

Ratio • November 8, 2017 7:29 PM

@Sancho_P,

"Nah, wait, I have absolutely no knowledge what happened (only I do not believe that a considerable amount of sarin could be produced by exploding some nearby chemicals), and I’m not interested in any such speculations."

Well, if you're interested in the available evidence, start by following the links I gave and go from there. I think you'll find there's not much room for mere speculation.

(FYI, you just shot down a scenario proposed by Russia.)

"But to jump from the “fact” to the “will” of any suspect (and strangely here: Assad, with contrary motives) is too much for my simple mind."

I'm not sure what you're referring to? (Or what Assad's “contrary motives” might be.)

"I guess to know which kind of people handle warfare there (but haven’t been there since years, I apologize in case I’m wrong)."

I'm sorry, I don't understand. ¿?

Ratio • November 9, 2017 11:43 PM

How Britain did Gaddafi’s dirty work:

Details of the dark arrangements made by the intelligence agencies of the US, UK and Libya have been gleaned through interviews with government officials and victims of rendition, British government documents disclosed under the Freedom of Information Act, and material that emerged during a lengthy Scotland Yard investigation and a number of civil trials. In large part, however, what follows is based on several extraordinary caches of secret British, American and Libyan intelligence documents that were discovered amid the chaos of the Libyan revolution in 2011, scattered around abandoned government offices, prisons and officials’ private residences. Many of the most intriguing documents were found by Libyan civilians and human rights activists in September that year inside ESO’s offices. Others came to light in various government outposts after Gaddafi was captured and killed the following month. All together, they amount to many thousands of pages.

These papers show that the post-9/11 rapprochement between the Gaddafi regime and the west – and Tony Blair’s government in particular – went far deeper than was previously known.

The most highly publicised result of the renewed dialogue with Libya was the dictator’s announcement that he was abandoning his WMD ambitions, both his nuclear and chemical and biological programmes. Another coup was the signing of multimillion dollar gas and oil exploration deals. Quietly, however, the relationship also bore a more bitter fruit: the kidnappings, detention and beatings carried out and assisted by the CIA and MI6.

Ratio • November 9, 2017 11:53 PM

Edit: instead of the opaque “ESO”, it should have said “[Col Muammar Gaddafi’s notorious overseas intelligence agency, External Security Organisation (ESO)]”.

Wael • November 10, 2017 1:32 AM

@Ratio,

"Details of the dark arrangements made by the intelligence agencies of the US, UK and Libya"

What a mess. Whom do we believe or can believe? Qaddafi was a kook bar none. And Blair is a bona fide registered scum bag.

Ratio • November 10, 2017 9:32 AM

@Wael,

"What a mess."

Yup.

I wish the article had been longer, I'm sure there's much more to be told. I'll see what I can find…

(Then again, I'm having trouble keeping up with things as it is. I'm half way through this 243 page thing I thought was absurdist comedy. Turns out it was real-life Congressional testimony! Meanwhile the pile isn't getting any smaller…)

Sancho_P • November 10, 2017 3:08 PM

@Ratio

Seems my reply was considered to be inappropriate, sorry, no hints for you :-(

Clive Robinson • November 11, 2017 2:58 AM

@ Wael,

"What a mess. Whom do we believe or can believe? Qaddafi was a kook bar none. And Blair is a bona fide registered scum bag."

It's true enough for just a glimpse of a few crumbs on the floor. From the full orgy feast, that will I hope will come out before Blair rots in hell.

Put simply Blair is an extreme narcissist, who worked out that the way to political supremacy was to surround himself with those who were mainly just of average intelligence. He gave suggestions verbally, they put them into policy if it failed, then they not Blair fell on their swords, to stroll in the wilderness for a few months keeping their mouths shut before being "recycled" back into another political office...

The thing is he wanted to be the President of the world, or at least to be seen as a better PM than Maggie Thatcher. Thus he needed his own Ronny Raygun and holy war, GWB and Iraq provided that. But what Blair failed to realise is that the US neo-cons played him like a cheap harlot just as they did GWB. They got the war against Saddam they had wanted for twenty years (he was seen as too strong a leader to be allowed to stay in power, thus was getting in the way of "the cheap oil plan" which required all leaders in the middle east to be dependent on the US, thus funneling the petro dollars back into the US MIC).

So Blair did not just campaign for the invasion he actively lied and invented evidence to support it. It's also been claimed by an MP of the time that he was involved with getting rid of Dr David Kelly, and that Dr Kelly was in effect suicided via the later head of MI6 who had been captured by "The Number Ten Clique".

We now know that the Clique also green lighted rendition flights that took inconvenient people to countries that practiced not just significant torture, mutilation, murder and disappearing people but also were actively passing on what was found to be Fake Intel, to not just Western ICs but journalists and what might politely be called "radicals".

Much of this was known at the time but it did not make it into the newspapers for a couple of reasons. Firstly Blair was fairly intimately involved with the women around Rupert Murdoch of News International and secondly "the offing" of David Kelly and the subsequent attacks on the BBC put the fear of god into other journalists.

Needless to say the rest of Europe saw what an idiotic puppet Blair was and gave him and the US the cold shoulder, hence the Murdoch pushed "Cheese Eating Surrender Monkeys" that countless US authoritarian followers fell in line with.

So Blair cooked his own goose with Europe which is why it currently does not have a US style President, which Blair had pushed hard for. Because he figured if he could not be President of the World he could at least be more powerful than the US President as the type of President of Europe he wanted and craved.

I could go on but you can look up and verify the above if you wish as there is enough info out there to corroborate it.

Wael • November 11, 2017 3:36 AM

@Clive Robinson,

I hope will come out before Blair rots in hell.

You and me both!

neo-cons played him like a cheap harlot...

Par for the course! They say the Apple doesn't fall far from the tree. His parents:

Born as Charles Leonard Augustus Parsons in Filey, Yorkshire, England, he was the illegitimate[2] son of two middle class travelling entertainers.

I'll spare you the synonyms!

I could go on but you can look up and verify the above if you wish as there is enough info out there to corroborate it.

Don't need to. Seen enough!

Clive Robinson • November 12, 2017 2:16 AM

@ Wael,

No comprende!

Ahhh, "The Number Ten Clique", was a group of unelected individuals that had various names at various points but one was "The Policy Unit" headed up by the likes of Alastair Campbell, another "apple that fell close to the tree".

When you read about the "dodgy dossier" you need to remember that there were actually two of them. The one that is most instructive was where they stole the work of a totally unrelated researcher's thesis, reworded it a bit and in effect called the plagiarism an official government document...

The clique worked by the old IC and religious cult trick of "If you know what I know but can not tell you" trick to draw people in to "The Cult of Tony". The prize for "the faithful" was to get a moment or two of "the savior's" time and thus to "reflect his light unto the rest of the faithful".

It's the sort of worst cronyism you would expect to find in a dictatorship not a democracy.

The way things are set up in the UK democratic process and is supposed to work is that you have elected members of the current majority party put in nominal "policy" charge of the various Civil Service Ministries. The Civil Service is supposed to be non partisan in every way, and likewise the elected MP who is its Minister is not supposed to interfere with the day to day running of the ministry. If a Minister has issues with personnel etc they are supposed to take it to either the permanent undersecretary in the ministry or to the Civil Service head via the Cabinet Office.

What ministers are not supposed to do is bring in large groups of "advisers" from outside the Civil Service, and certainly not from entities such as corporates with "vested interests" in the way policy is set. But as can be seen now with "revolving door" consultants from the major accounting firms in the Treasury, Inland Revenue and similar in other Ministries there are now so many "blind eyes" in Government that even someone who is totally hopeless can look good as self-interested corporates put their interests above all others.

This sort of behaviour was one of Tony Blair's "major gifts" to UK Democracy and he and his cronies have been feather nested very nicely.

Several journalists have pointed out that the reason Tony Blair never became a member of the House of Lords was the required and public "Declaration of Members Interests" would mean revealing much of the highly questionable activities both he and his wife were up to whilst in power. Not just the "cash for questions" and other scandals but the real down and dirty likely serious criminal activities including the likes of Treason.

Wael • November 12, 2017 6:16 PM

@Clive Robinson,

"The Number Ten Clique", was a group of unelected individuals ...

Got it. Thanks!

Ratio • November 12, 2017 10:57 PM

@Sancho_P,

Seems my reply was considered to be inappropriate, sorry, no hints for you :-(

Maybe next time? :-)

Rachel • November 13, 2017 10:37 AM

Wael

Clive didn't spell out what perhaps you were wondering. Number 10 (number ten clique) refers to 'Number 10 Downing st' which is where the PM is to be found

There's an excellent dark satire on those particular events, by the English, called In The Loop. Feature film. Very funny.

Clive Robinson • November 13, 2017 11:31 AM

@ Rachel, Wael,

Number 10 (number ten clique) refers to 'Number 10 Downing st' which is where the PM is to be found

And there was me thinking "Number 10" --or actually 11 when Tony was PM-- was more well known than say 1600 Pennsylvania Ave or even 5 Adelaide Ave, Deakin ;-)

Wael • November 13, 2017 11:56 AM

@Rachel, @Clive Robinson,

refers to 'Number 10 Downing st'

I thought I understood but apparently didn't make the correlation. Thanks.

even 5 Adelaide Ave, Deakin ;-)

Not gonna ask about this address. Why don't you send me the address list, wholesale?

Rachel • November 13, 2017 1:00 PM

Wael

Parliament House Canberra, Australia. I didn't even need to look it up! Check out the image, bit different.
But I like your wholesale address idea. Bruce could blog on it? You could correct it? Clive could make arcane connections

Clive Robinson • November 13, 2017 6:32 PM

@ Rachel, Wael,

Clive could make arcane connections

Ouch... I prefer subtle.

For instance I thought Wael would have got the No 5 connection due to the recent verbals originating / dribbling out from there about the supremacy of Australian Law over "God's domain"...

Something even long dead Kings like Knut[1] not only knew but occasionally had to show others. Even though others --read axe grinders-- have tried to make out he was stupid/deluded/mad.

[1] Not sure what the dude's address was, as he certainly "got around a bit" in more ways than one. But also because back then, we did not really have what you might call a "Postal Service" and the Y1K problems were most certainly not ICT related :-)

http://www.ourmigrationstory.org.uk/oms/englands-migrant-king-knut-of-denmark

Wael • November 13, 2017 7:43 PM

@Clive Robinson, @Rachel,

...would have got the No 5 connection due to the recent verbals originating / dribbling out from there about the supremacy of Australian Law over...

I try to skip the political stuff... Have enough stress as it is.

as he certainly "got around a bit" in more ways than one.

You mean he was also[1] promiscuous :)

[1] Or in this case, we may say: He also was promiscuous !

Clive Robinson • November 14, 2017 2:29 AM

@ Wael,

You mean he was also[1] promiscuous

Well... He may have been faithful whilst in marriage, but he certainly dumped his old wife and children to take a new wife, for what appears "political reasons". That is he had made the woman a widow and then married her to get the kingdom...

On the page you linked to, did you "also observe" / "observe also"[1],

    ...you said that you'r not aware of any message, so i sent the message again...

From Lucky 3? It's something that gets my goat, every time my brain trips over it. That is,

1, "you said" -past,
2, "you're not aware" -current,
3, "I sent" -past.

It should be "you were unaware" -past...

It is often seen with people who use two languages almost interchangeably on a daily basis. Where the languages do not really share common roots. Whilst in informal conversation it is "mostly harmless" in formal contracts etc it can be deadly.

[1] Also, causes similar problems at the end of sentences[2].

[2] Sentence or Sentance, at school back in the 1960s I was taught that there was a difference. That is "a" was what a judge gave you as a "gaol sentance" but "e" was what the judge would use to "write up" their findings. However it appears that for most people "e" serves for both...

Rachel • November 14, 2017 9:19 AM

Clive

' in formal contracts it can be deadly'

reminds of an obscure niche in Law that claims there is a distinction between lower case and uppercase. The most ominous example given is the US-North America Constitution. 'We The People' being in capitals, apparently refers, only, to the individuals that wrote the constitution (plus their descendants)


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.