Hard-headed, or just incompetent?

It's now three weeks since the RSGB sent an unsolicited e-mail to me due to, it claims, "malicious software" gaining control of Len Paget's RSGB e-mail account. There is no suggestion Paget acted improperly or even knew of the event.

Meanwhile, Twitter provides evidence of continuing IT problems at the RSGB, though no detail about what the "things" causing RSGB to be "extremely busy" is known.

In those three weeks, I've learned of, yes, the "malicious software" and that this somehow caused Len Paget's e-mail account to send what the RSGB termed "a phishing" attack, with an attachment. The RSGB further explained that, unless I had opened the attachment and entered details into it, there was no risk.

I did open the attachment (with active virus and malicious software protection enabled), and it did not appear to have any elements where data could be entered. Sure, opening it could have planted a virus, but there is no indication this happened.

So, the description of what was sent around by the "malicious software" doesn't really match what I found.  I asked the RSGB for an explanation.  I also asked them to explain why they claimed this event did not occur due to data processing by the RSGB when they, in the same e-mail, explained that it used old sent e-mail and/or stored contact addresses from Paget's account to do its dark work. 

The claim this event had nothing to do with the RSGB is simply unsutainable, and a surprising one for a data officer to make.

I also asked the RSGB to explain whether or not, in its view, my personal data, and possibly that of many others (I can't know this), was disclosed to a third party during the attack.

I sent that request for clarification to the General Manager of the RSGB. He has neither acknowledged nor answered it.

It's a real shame - but entirely predictable - that, when robustly challenged, the RSGB goes to ground.  I've since referred the case to the ICO; with no response, and the earlier information begging more questions than it answered, that is the only thing that can be done, at least for now.

I also asked the RSGB's Data Officer to erase all my personal data, as I have not been a member for many years, was not and hadn't been for some time in active contact with Paget about anything, and there was therefore no lawful reason to have held my data in the way the RSGB admitted it did.

Whilst the Data Officer acknowledged this and said "further information" on the process to be followed for erasure would be sent out, I haven't received any such details.

I've given the RSGB notice of my concerns about their failure to respond to any of the points of concern raised after their initial revelations, and that a further ICO referral will be made if this persists.

For now, it does rather appear that the RSGB's ability to comprehend, respond to and enforce secure data policies within its structure seems open to question. I hope that it addresses the issues at hand, rather than embark on some other kind of response.

RSGB 'hacked'

 

A strange thing happened at the end of last week. Completely out of the blue, I received a short, cryptic message, indicated as from Len Paget's RSGB e-mail account. Paget is one of the RSGB directors. 

There is no suggestion that Paget acted improperly, and may not have known about the event.

Paget's apparent e-mail simply sent a very short pointer to an associated, .eml type attachment, seemingly about some project or other. 

Given that I haven't been a member of the RSGB for several years, I asked the GM to explain why they held my private e-mail address, and why I had been sent the e-mail, apparently by Paget.

All went eerily silent for a week, when I had to poke the RSGB for a response, saying I would have to refer the matter to the Information Commissioner's Office if they persisted in not acknowledging my request, which was a formal Subject Access Request at that point.

This prompted the revelation by the RSGB's data protection staff that they had suffered a "malicious software" attack. The details are far from clear, and I've asked for clarification - which hasn't yet been given, and so I cannot give the RSGB's full position at the time of writing. The following is the initial position:

'Our apologies for the recent unwanted email.  The email in question was sent as a result of malicious software which had gained access to a user’s email account, and did not result from data processing by the RSGB.

This week we have conducted a thorough security investigation into the incident to avoid any recurrence.

The malicious software made use of contacts and old sent emails on the affected user’s machine.

Analysis of the bogus emails sent out shows they were a phishing scam designed to collect user login data – unless you opened the attachment and followed the link and entered data it should represent no threat to your devices.  If you still have the email, or more subsequently arrived, you are advised to delete them.'

On the face of it, this could be a case of using/accessing RSGB e-mail accounts from home computers, which can be entirely legitimate - if there are data security measures in place and people follow them.

The claim that there was no "data processing by the RSGB" is a little specious, as they are the Data Controller, and have the legal liability for what happens with data they process - data which they admit Paget had on his RSGB account as "contacts and old sent emails on the affected user's machine". This is the GDPR definition of 'processing':

Whilst holding such data might well be legitimate, there is also the need to ensure data that is not needed is not kept longer than strictly necessary. As a non-member, and not in any ongoing contact with Paget, there seems to have been no justification to hold my data at the point it suffered this attack.

Given what has happened, there are real questions about the RSGB's security measures, and whether they are applied consistently - or at all - if people are acting on behalf of the society from home equipment or, indeed, RSGB office computers. This is all the more important, given the increased likelihood of attack due, for example, to the RSGB's stance on Russian participation in their events.

For now, it is entirely unclear how many people were affected, and where their data has been disclosed, if anywhere. If, as it appears, there has been a data breach, then the RSGB must inform the ICO. There is as yet no indication that they have done so. I've advised them that, if they don't approach this incident with a view to addressing it properly, I'll be advising the ICO myself.

Update: from a discussion over on Twitter, the RSGB yesterday (13/05/2022) asked users of their new portal to set up passwords. It is unknown whether this is related to the hack discussed in this blog post. The screengrabs from the RSGB website (accessed 14/05/2022) confirm problems with the portal:

 

This summer's 6m arrangements.

For this summer, my arrangement for 6m is this 3-ele OWL from Innovantennas.  A very good match, actually a little better than the published data, even though it was built for rear, vertical mounting and that I've got it in centre-mounted, horizontal configuration!  The telescopic aluminium mast is a homebrewed, three-section unit, which cost me about £50.

Low deployment during initial matching.

 

With a clear site and ground reflections, I should realise good total gain. So my QRP input of about 5W should see it rise to something closer to a few tens of Watts.  Regardless of the exact figures, it will do well when 6m propagation is running, and I will at least see whether it's worth spending money on a 100W rig for 6m next year. My expectation is that it won't be.

This is the final matching curve at full deployed height of about 5m. Adding a layer of NATO Green spray paint to better blend in with the countryside environment made no difference at all to the matching. It's below 1.2:1 for the whole SSB and FT8 portion of 6m:

Yagi matching.

Last night, I set about getting a 3-element, OWL Yagi from Innovantennas (50MHz) up in the air, simply to get it matched-up properly; sadly, this is not a location for permanent installations (I'm already very fed-up of this and putting the house for sale next week, after only a few months here).

The antenna was designed for rear-mounting, but I decided to try it horizontally for inland-based operation (vertical is infinitely better at the coast).

5-ele version of the 50MHz OWL from Innovantennas. Sturdy, just not very practical for /p; the rear mount of the 3, let alone the 5-ele, also places large, impractical leverage stresses on the boom.

 

The matching using the published element dimensions didn't work out too well, in either horizontal or vertical orientation. Although the lowest point in the curve was broadly in the correct place (~50.25MHz), the SWR at that point was about 1.48:1 when horizontally-mounted. Not the end of the world, but we can do better than that when, at the SSB and FT8 calling frequencies, the SWR was over 1.5:1.

My antenna initially exhibited this type of fairly high-SWR matching, showing the element lengths weren't right.

I didn't think the recommended reflector dimension was long enough; it was essentially the same length as the radiator loop. I increased this by about 2cm per side, and immediately, the matching improved to about 1.38:1. 

I then tried increasing the length of the director elements by about 1cm each side. Again, this had the desired result, bringing the matching to 1.18:1 from 50.150 to 50.320 MHz - SSB and digital portions now perfect!  I'm sure I could bring it a bit lower, but it isn't really necessary.

So, good matching for the OWL antenna, with not too much fuss. I can't say I'm overly-impressed by the antenna in general, though. I don't like having to jam a screwdriver into a hole as the designed way of tightening a through-boom element nut!  The quality of the build instructions is also quite poor, with a very hurried, error-prone feel to it all. Quite disappointed, overall, but it was cheap enough (£89). With the director and reflector removed from the boom, and the outer elements of the radiating loop also, it does fit without too much fuss in a typical family hatchback.

I'm currently building a Moxon to replace this antenna for /p use. In fairness, the Moxon will likely work out about the same price as the Yagi, all things considered, and it also a bit of a transportation nuisance!

Computers always catch you out in the end!

Remember when I had a small number of trolling comments a few weeks ago?  None of them made it past approval, and so none were published.

It now seems that GM4DHJ - or possibly a person falsely claiming to be this operator - has very recently entered some details somewhere on Google, which have propagated back to the comments made earlier.

Unpublished comments, sporting an alleged link back to GM4DHJ (accessed 22/04/2022)

 

I can't tell if this really is the operator identified, or an impostor. But maybe the real GM4DHJ can shed some light on which is the case?  All attempts to find contact details for him proved fruitless, so no comment could be sought prior to publication.

DigiLink Nano - on the Pi.

As followers will know, I'm very much of the 'if it works, don't change it' school of thought when it comes to which equipment I use for radio (and everything else!)

I'm not impressed by new things, simply by virtue of them being new. Instead, I stick with things that have a proven track record. 

In that vein, I've stuck with my ZLP digital interface for about ten years by now. I carried one in my /p box, and use one at home. They are very good, very low-noise units that have stood the test of time under heavy, daily use. What's more, the old-style Digimaster I have can run two rigs, so there's no need to switch connections around when I want to use 2m digimodes after a spell of HF, for example.

Smaller, lighter and lower-noise things are all highly desirable for all /p operators!

A couple of years ago, after just about everyone except Tigertronics (which have a poor noise value, according to many reviews), had ditched on-panel volume controls, I got fed-up with ZLP and chose a DigiLink Nano for home use. That, also, has no on-board controls, but that is the way of things now, and so I decided a change was justified, and the much smaller size a big benefit.

This proved to be very successful - easy to install, tiny, and yet has the same, very low noise levels as the ZLP (as I carefully examined here). I never looked back, and slowly came round to correcting my view that on-panel volume controls were necessary; in fact, they are not, and whilst they do afford a quicker way to adjust things than via software, they must also add a little noise to the circuit.

Last night, I decided to check-out the DigiLink Nano with my Raspberry Pi 4B. Now, things are usually simple with the Pi, but not always. As it happens, it was literally just a case of plugging the Nano into the Pi, and connecting the line to the FT-818 (you can choose which interface you want, included in the price of the Nano).

 

The only difference with the Nano over the ZLP is that you have to set the volume output on the software of both Pi and Windows machines to near, or at their maximum in order to be able to both operate at normal power settings of maybe 5-10W or so, and be able to reduce the power on WSJT-X and the like to much lower levels when needed.

When I initially tried middle-of-the-road sound settings, all worked well, except when I reduced the TX (volume) on the digimode software to just 1W, when the audio output was then not enough to keep the line triggered, so it would stop transmitting or stutter. Setting all to maximum resolves this issue, without problem.

The mic can now remain connected, housed where the ZLP interface was!

 

So the Nano allowed me to vacate the space dedicated in my small box to the old ZLP interface, and use it instead to house the microphone when, previously, the mic had to be disconnected and put in my backpack. I use a 1m audio cable extender to both allow the rig to be a bit further from the computer, and also allow me to disconnect the rig from the extender, rather than directly from the Nano's own audio port, which runs the risk of premature failure. 

Disclosure: I have no connection (pardon the pun!) to either ZLP or Digilink, other than as a paying customer for their products.

What did YOU do on World Amateur Radio Day?

I set-off yesterday afternoon to do a spot of 15m portable from the lakside. Though conditions turned out to be fairly poor, I had one extremely exciting and unexpected contact - with a 6 year old boy and his father!

15m from the lake on WARD.

 

I came across the boy, who was busy saying 'hello' from a distance, with an outstretched hand. I gave him a big thumbs up. He asked what I was doing. I told him I was sending signals to the other side of the world; would he like to see the radio?  'Oh yes!', came an excited reply. His father was nodding his thanks for being kind.

I opened the silver box. He was amazed. I showed him the simple wire we use to send the signals. 'Can you turn it up to two...million?', he stuttered. 'Sure', I said. 'I can turn it up a little bit more than that, even'. 'Waaaw', came the incredulous response.

I then got rewarded for my effort by being shown a series of toy metal cars he was carrying in his pockets. 

Maybe one day, he'll remember the meeting, and try radio for himself?  Let's hope so.