Project Cumulus Tracks Stolen Credentials
April 26, 2016
Ever wonder how far stolen information can go on the Dark Web? If so, check out “Project Cumulus—Tracking Fake Phished Credentials Leaked to Dark Web” at Security Affairs. Researchers at Bitglass baited the hook and tracked the mock data. Writer Pierluigi Paganini explains:
“The researchers created a fake identity for employees of a ghostly retail bank, along with a functional web portal for the financial institution, and a Google Drive account. The experts also associated the identities with real credit-card data, then leaked ‘phished’ Google Apps credentials to the Dark Web and tracked the activity on these accounts. The results were intriguing, the leaked data were accessed in 30 countries across six continents in just two weeks. Leaked data were viewed more than 1,000 times and downloaded 47 times, in just 24 hours the experts observed three Google Drive login attempts and five bank login attempts. Within 48 hours of the initial leak, files were downloaded, and the account was viewed hundreds of times over the course of a month, with many hackers successfully accessing the victim’s other online accounts.”
Yikes. A few other interesting Project Cumulus findings: More than 1400 hackers viewed the credentials; one tenth of those tried to log into the faux-bank’s web portal; and 68% of the hackers accessed Google Drive through the Tor network. See the article for more details. Paganini concludes with a reminder to avoid reusing login credentials, especially now that we see just how far stolen credentials can quickly travel.
Cynthia Murrell, April 26, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Unicorn Land: Warm Hot Chocolate and a Nap May Not Help
April 25, 2016
In the heady world of the unicorn, there are not too many search and content processing companies. I do read open source information about Palantir Technologies. Heck, I might even wrap up my notes about Palantir Gotham and make them available to someone with a yen to know more about a company which embraces secrecy but has a YouTube channel explaining how its system works.
I was poking around for open source information about how Palantir ensures that a person with a secret clearance does not “see” information classified at a higher level of access. From what I have read, the magic is in time stamps, open source content management, and some middleware. I took a break from reading the revelations from a person in the UK who idled away commute time writing about Palantir and noted “On the Road to Recap: Why the Unicorn Financing Market Just Became Dangerous for All Involved.”
I enjoy “all” type write ups. As I worked through the 5,600 word write up, I decided not to poke fun at the logic of “all” and jotted down the points which struck me as new information and the comments which I thought might be germane to Palantir, a company which (as I document in my Palantir Notebook) has successfully completed fast cycles of financing between 2003 and 2015, when the pace appears to have slowed.
There is no direct connection between the On the Road to Recap article and Palantir, and I certainly don’t want to draw explicit parallels. In this blog post, let me highlight some of the passages from the source article and emphasize that you might want to read the original article. If you are interested in search and content processing vendors like Attivio, Coveo, Sinequa, Smartlogic, and others of their ilk, some of the “pressures” identified in the source article are likely to apply. If the write up is on the money, I am certainly delighted to be in rural Kentucky thinking about what to have for lunch.
The first point I noted was new information to me. You, gentle reader, may be MBAized and conversant with the notion of understanding the lay of the land; to wit:
most participants in the ecosystem have exposure to and responsibility for specific company performance, which is exactly why the changing landscape is important to understand.
Ah, reality. I know that many search and content processing vendors operate without taking a big picture view. The focus is on what I call “what can we say to close a deal right now” type thinking. The write up roasts that business school chestnut of understanding life as it is, not as a marketer believes it to be.
I noted this statement in the source article:
Late 2015 also brought the arrival of “mutual fund markdowns.” Many Unicorns had taken private fundraising dollars from mutual funds. These mutual funds “mark-to-market” every day, and fund managers are compensated periodically on this performance. As a result, most firms have independent internal groups that periodically analyze valuations. With the public markets down, these groups began writing down Unicorn valuations. Once more, the fantasy began to come apart. The last round is not the permanent price, and being private does not mean you get a free pass on scrutiny.
Write downs, to me, mean one might lose one’s money.
I then learned a new term, dirty term sheets. Here’s the definition I highlighted in a bilious yellow marker hue:
“Dirty” or structured term sheets are proposed investments where the majority of the economic gains for the investor come not from the headline valuation, but rather through a series of dirty terms that are hidden deeper in the document. This allows the Shark to meet the valuation “ask” of the entrepreneur and VC board member, all the while knowing that they will make excellent returns, even at exits that are far below the cover valuation. Examples of dirty terms include guaranteed IPO returns, ratchets, PIK Dividends, series-based M&A vetoes, and superior preferences or liquidity rights. The typical Silicon Valley term sheet does not include such terms. The reason these terms can produce returns by themselves is that they set the stage for a rejiggering of the capitalization table at some point in the future. This is why the founder and their VC BOD member can still hold onto the illusion that everything is fine. The adjustment does not happen now, it will happen later.
I like rejiggering. I have experienced used car sales professionals rejiggering numbers for a person who once worked for me. Not a good experience as I recall.
I then circled this passage:
One of the shocking realities that is present in many of these “investment opportunities” is a relative absence of pertinent financial information. One would think that these opportunities which are often sold as “pre-IPO” rounds would have something close to the data you might see in an S-1. But often, the financial information is quite limited. And when it is included, it may be presented in a way that is inconsistent with GAAP standards. As an example, most Unicorn CEOs still have no idea that discounts, coupons, and subsidies are contra-revenue.
So what’s this have to do in my addled brain with Palantir? I had three thoughts, which are my opinion, and you may ignore them. In fact, why not stop reading now.
- Palantir is a unicorn and it may be experiencing increased pressure to generate a right now pay out to its stakeholders. One way Palantir can do this is to split its “secret” business from its Metropolitan business for banks. The “secret” business remains private, and the Metropolitan business becomes an IPO play. The idea is to get some money to keep those who pumped more than $700 million into the company since 2003 sort of happy.
- Palantir has to find a way to thwart those in its “secret” work from squeezing Palantir into a niche and then marginalizing the company. There are some outfits who would enjoy becoming the go-to solution for near real time operational intelligence analysis. Some outfits are big (Oracle and IBM), and others are much, much smaller (Digital Reasoning and Modus Operandi). If Palantir pulls off this play, then the government contract cash can be used to provide a sugar boost to those who want some fungible evidence of a big, big pay day.
- Palantir has to amp up its marketing, contain overhead, and expand its revenue from non government licenses and consulting.
Is Palantir’s management up to this task? The good news is that Palantir has not done the “let’s hire a Google wizard” to run the company. The bad news is that Palantir had an interesting run of management actions which resulted in a bit of a legal hassle with i2 Group before IBM bought it.
I will continue looking for information about Gotham’s security system and method. In the back of my mind will be the information and comments in On the Road to Recap.
Stephen E Arnold, April 25, 2016
Local News Station Produces Dark Web Story
April 22, 2016
The Dark Web continues to emerge as a subject of media interest for growing audiences. An article from Chicago CBS, “Dark Web Makes Illegal Drug, Gun Purchases Hard To Trace,” also appears to have been shared as a news segment recently. Offering some light education on the topic, the story explains the anonymity possible for criminal activity using the Dark Web and Bitcoin. The post describes how these tools are typically used:
“Within seconds of exploring the deep web we found over 15,000 sales for drugs including heroin, cocaine and marijuana. In addition to the drugs we found fake Illinois drivers licenses, credit card and bank information and dangerous weapons. ‘We have what looks to be an assault rifle, AK 47,’ said Petefish. That assault rifle AK 47 was selling for 10 bitcoin which would be about $4,000. You can buy bitcoins at bitcoin ATM machines using cash, leaving very little trace of your identity. Bitcoin currency along with the anonymity and encryption used on the dark web makes it harder for authorities to catch criminals, but not impossible.”
As expected, this piece touches on the infamous Silk Road case along with some nearby cases involving local police. While the Dark Web and cybercrime have been on our radar for quite some time, it appears mainstream media interest around the topic is slowly growing. Perhaps those at risk of being affected, such as businesses, government and law enforcement agencies, will also continue catching on to the issues surrounding the Dark Web.
Megan Feil, April 22, 2016
Newly Launched Terbium Software to Monitor Dark Web for Enterprise
April 11, 2016
Impacting groups from Target to JP Morgan Chase, data breaches are increasingly common and security firms are popping up to address the issue. The ZDNet article “Dark Web data hunter Terbium Labs secures $6.4m in fresh funding” reports Terbium Labs received $6.4 million in Series A funding. Terbium Labs released software called Matchlight which provides real-time surveillance of the Dark Web and alerts enterprises when their organization’s data surfaces. Consumer data, sensitive company records, and trade secrets are among the types of data for which enterprises are seeking protection. We learned:
“Earlier this month, cloud security firm Bitglass revealed the results of an experiment focused on how quickly stolen data spreads through the Dark Web. The company found that within days, financial credentials leaked to the underground spread to 30 countries across six continents with thousands of users accessing the information.”
While Terbium appears to offer value for stopping a breach once it’s started, what about preventing such breaches in the first place? Perhaps there are opportunities for partnerships with Terbium and players in the prevention arena. Or, then again, maybe companies will buy piecemeal services from individual vendors.
Megan Feil, April 11, 2016
What Not to Say to a Prospective Investor (Unless They Just Arrived via Turnip Truck)
April 11, 2016
The article on Pando titled “Startups Anonymous: Things Founders Say to Investors That Are Complete BS” is an installment from a weekly series on the obstacles and madness inherent in the founder/investor relationship. Given that one person is trying to convince the other to give them money, and the other is looking for reasons to not give money, the conversations often turn comical faster than the average startup goes broke. The article provides a list of trending comments that one might overhear coming from a founder’s mouth (while their nose simultaneously turns red and elongates). Here are a few gems, along with their translated meanings:
“Our growth has been all organic.” Translation: Our friends are using it. “My cofounder turned down a job at Google to focus on our company.” Translation: He applied for an internship a while back and it fell through. “We want to create a very minimalist design.” Translation: We’re not designers and can’t afford to hire a decent one. “This is a $50 billion per year untapped market.” Translation: I heard this tactic works for getting investors.
The frustrations of fundraising are no joke, but founders get their turn to laugh at investors in the companion article titled “What I’d Really Like to Say to Investors.” For example: “If today, we had the revenue you’d like to see, I wouldn’t be talking to you right now. It’s as simple as that.” Injecting honesty into these interactions is apparently always funny, perhaps because as founders get increasingly desperate, their BS artistry rises in correlation.
Chelsea Kerwin, April 11, 2016
Nasdaq Joins the Party for Investing in Intelligence
April 6, 2016
The financial sector is hungry for intelligence to help curb abuses in capital markets, judging by recent actions of Goldman Sachs and Credit Suisse. “Nasdaq invests in ‘cognitive’ technology,” from BA wire, announces Nasdaq’s investment in Digital Reasoning. Nasdaq plans to connect Digital Reasoning algorithms with Nasdaq’s technology which surveils trade data. The article explains the benefits of joining these two products:
“The two companies want to pair Digital Reasoning software of unstructured data such as voicemail, email, chats and social media, with Nasdaq’s Smarts business, which is one of the foremost software for monitoring trading on global markets. It is used by more than 40 markets and 12 regulators. Combining the two products is designed to assess the context, content and relationships behind trading and spot signals that could indicate insider trading, market manipulation or even expenses rules violations.”
We have followed Digital Reasoning, and other intel vendors like them, for quite some time as they target sectors ranging from healthcare to law to military. This is just a case of another software intelligence vendor making the shift to the financial sector. Following the money appears to be the name of the game.
Megan Feil, April 6, 2016
Glueware: A Sticky and Expensive Mess
April 5, 2016
I have been gathering open source information about DCGS, a US government information access and analysis system. I learned that the DCGS project is running a bit behind its original schedule formulated about 13 years ago. I also learned that the project is a little over budget.
I noted “NASA Launch System Software Upgrade Now 77% over Budget.” What interested me was the reference to “glueware.” The idea appears to be that it is better, faster, and maybe cheaper to use many different products. The “glueware” idea allows these technologies to be stuck or glued together. This is an interesting idea.
According to the write up:
To develop its new launch software, NASA has essentially kluged together a bunch of different software packages, Martin noted in his report. “The root of these issues largely results from NASA’s implementation of its June 2006 decision to integrate multiple products or, in some cases, parts of products rather than developing software in-house or buying an off-the-shelf product,” the report states. “Writing computer code to ‘glue’ together disparate products has turned out to be more complex and expensive than anticipated. As of January 2016, Agency personnel had developed 2.5 million lines of ‘glue-ware,’ with almost two more years of development activity planned.”
The arguments for the approach boil down to the US government’s belief that many flowers blooming in one greenhouse is better than buying flowers from a farm in Encinitas.
The parallels with DCGS and its well known government contractors and Palantir with its home brew Gotham system are interesting to me. What happens if NASA embraces a commercial provider? Good news for that commercial provider and maybe some push back from the firms chopped out of the pork loin. What happens if Palantir gets rebuffed? Unicorn burgers, anyone?
Stephen E Arnold, April 5, 2016
Paywalls Block Pleasure Reading
April 4, 2016
Have you noticed something new in the past few months on news Web sites? You click on an interesting article and are halfway through reading it when a pop-up banner blocks out the screen. The only way to continue reading is to enter your email, find the elusive X icon, or purchase a subscription. Ghacks.net tells us to expect more of these in “Read Articles Behind Paywalls By Masquerading As Googlebot.”
Big news sites such as the Financial Times, The New York Times, The Washington Post, and The Wall Street Journal are now experimenting with the paywall to work around users’ ad blockers. The downside is that content will be locked up and sites might lose viewers, but that might be a risk they are willing to take to earn a bigger profit.
There used to be some tricks to get around paywalls:
“It is no secret that news sites allow access to news aggregators and search engines. If you check Google News or Search for instance, you will find articles from sites with paywalls listed there. In the past, news sites allowed access to visitors coming from major news aggregators such as Reddit, Digg or Slashdot, but that practice seems to be as good as dead nowadays. Another trick, to paste the article title into a search engine to read the cached story on it directly, does not seem to work properly anymore as well as articles on sites with paywalls are not usually cached anymore.”
The best way, the article says, is to make the Web site think you are a Googlebot. Web sites allow Googlebots to roam freely so that they appear higher in search engine results. There are a few ways to trick the Web sites into thinking you are a Googlebot, depending on your Internet browser, Firefox or Chrome. Check them out, but it will not be long before those become old-fashioned too.
Whitney Grace, April 4, 2016
Google Ad Revenue: Squeezing Ahead but Who Will Be the Squeezee?
March 31, 2016
I read “Google makes One Third of Its Global Revenue from Advertisements.” I have been off base because I assumed that Google derived 90 percent of its revenue from online advertising. I stand corrected even if I am not 100 percent confident in the report in Propakistani.
Set the numbers aside for a nonce. If one considers the relative relationship in ad revenue among Facebook, Google, and Yahoo (poor old Yahoo), the write up hits on an important point:
Google’s share in the global ad market is also diminishing. Its percentage in the net share of the total global online ad revenue has actually decreased to 33.3 percent. The figure was 34.6 percent in 2014. Analysts from Statista have predicted an even greater decline in market share in 2016, down to 30.9 percent.
Okay, Statista may be the source of the insight.
From my point of view, Google will have to figure out what to do about Zuck and his band of former Xooglers. If Facebook continues to enjoy robust growth, life might become more interesting at the Alphabet Google thing.
One other thought: It might become more expensive to run ads on the Google platform unless the sale of Loon balloons soars. Revenue issues may ground the fleet in the future as part of the new fiscal order at the search giant.
Stephen E Arnold, March 31, 2016
Short Honk: Alphabet Google and Health Investments
March 24, 2016
Short honk: This is an important article in my opinion. “Sergey Brin’s Search for a Parkinson’s Cure” reports that Mr. Brin exercises. He dives. I noted this passage:
With every dive, Brin gains a little bit of leverage—leverage against a risk, looming somewhere out there, that someday he may develop the neurodegenerative disorder Parkinson’s disease. Buried deep within each cell in Brin’s body—in a gene called LRRK2, which sits on the 12th chromosome—is a genetic mutation that has been associated with higher rates of Parkinson’s.
Also, I highlighted this passage:
It sounds so pragmatic, so obvious, that you can almost miss a striking fact: Many philanthropists have funded research into diseases they themselves have been diagnosed with. But Brin is likely the first who, based on a genetic test, began funding scientific research in the hope of escaping a disease in the first place.
A number of questions zipped through my mind. I won’t raise them. Perhaps the write up explains the “solving death” project and provides some insight into various Alphabet Google investments. In short, an article with information of some import to those who seek to understand the Alphabet Google thing.
Stephen E Arnold, March 24, 2016

