The Web, the Deep Web, and the Dark Web
July 18, 2016
If it was not a challenge enough trying to understand how the Internet works and avoiding identity theft, try carving through the various layers of the Internet such as the Deep Web and the Dark Web. It gets confusing, but “Big Data And The Deep, Dark Web” from Data Informed clears up some of the clouds that darken Internet browsing.
The differences between the three are not that difficult to understand once they are spelled out. The Web is the part of the Internet that we use daily to check our email, read the news, check social media sites, etc. The Deep Web is an Internet sector not readily picked up by search engines. These include password protected sites, very specific information like booking a flight with particular airline on a certain date, and the TOR servers that allow users to browse anonymously. The Dark Web are Web pages that are not indexed by search engines and sell illegal goods and services.
“We do not know everything about the Dark Web, much less the extent of its reach.
“What we do know is that the deep web has between 400 and 550 times more public information than the surface web. More than 200,000 deep web sites currently exist. Together, the 60 largest deep web sites contain around 750 terabytes of data, surpassing the size of the entire surface web by 40 times. Compared with the few billion individual documents on the surface web, 550 billion individual documents can be found on the deep web. A total of 95 percent of the deep web is publically accessible, meaning no fees or subscriptions.”
The biggest seller on the Dark Web is child pornography. Most of the transactions take place using BitCoin with an estimated $56,000 in daily sales. Criminals are not the only ones who use the Dark Web, whistle-blowers, journalists, and security organizations use it as well. Big data has not even scratched the surface related to mining, but those interested can find information and do their own mining with a little digging
Whitney Grace, July 18 , 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link: http://bit.ly/29tVKpx.
Six Cybercriminal Archetypes from BAE Systems
July 11, 2016
Tech-security firm BAE Systems has sketched out six cybercriminal types, we learn from “BAE Systems Unmasks Today’s Cybercriminals” at the MENA Herald. We’re told the full descriptions reveal the kinds of havoc each type can wreak, as well as targeted advice for thwarting them. The article explains:
“Threat intelligence experts at BAE Systems have revealed ‘The Unusual Suspects’, built on research that demonstrates the motivations and methods of the most common types of cybercriminal. The research, which is derived from expert analysis of thousands of cyber attacks on businesses around the world. The intention is to help enterprises understand the enemies they face so they can better defend against cyber attack.”
Apparently, such intel is especially needed in the Middle East, where cybercrime was recently found to affect about 30 percent of organizations. Despite the danger, the same study from PwC found that regional companies were not only unprepared for cyber attacks, many did not even understand the risks.
The article lists the six cybercriminal types BAE has profiled:
“The Mule – naive opportunists that may not even realise they work for criminal gangs to launder money;
The Professional – career criminals who ‘work’ 9-5 in the digital shadows;
The Nation State Actor – individuals who work directly or indirectly for their government to steal sensitive information and disrupt enemies’ capabilities;
The Activist – motivated to change the world via questionable means;
The Getaway – the youthful teenager who can escape a custodial sentence due to their age;
The Insider – disillusioned, blackmailed or even over-helpful employees operating from within the walls of their own company.”
Operating in more than 40 countries, BAE Systems is committed to its global perspective. Alongside its software division, the company also produces military equipment and vehicles. Founded in 1999, the company went public in 2013. Unsurprisingly, BAE’s headquarters are in Arlington, Virginia, just outside of Washington DC. As of this writing, they are also hiring in several locations.
Cynthia Murrell, July 11, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
VirtualWorks Purchases Natural Language Processing Firm
July 8, 2016
Another day, another merger. PR Newswire released a story, VirtualWorks and Language Tools Announce Merger, which covers Virtual Works’ purchase of Language Tools. In Language Tools, they will inherit computational linguistics and natural language processing technologies. Virtual Works is an enterprise search firm. Erik Baklid, Chief Executive Officer of VirtualWorks is quoted in the article,
“We are incredibly excited about what this combined merger means to the future of our business. The potential to analyze and make sense of the vast unstructured data that exists for enterprises, both internally and externally, cannot be understated. Our underlying technology offers a sophisticated solution to extract meaning from text in a systematic way without the shortcomings of machine learning. We are well positioned to bring to market applications that provide insight, never before possible, into the vast majority of data that is out there.”
This is another case of a company positioning themselves as a leader in enterprise search. Are they anything special? Well, the news release mentions several core technologies will be bolstered due to the merger: text analytics, data management, and discovery techniques. We will have to wait and see what their future holds in regards to the enterprise search and business intelligence sector they seek to be a leader in.
Megan Feil, July 8, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Publicly Available Information Is Considered Leaked When on Dark Web
July 7, 2016
What happens when publicly available informed is leaked to the Dark Web? This happened recently with staff contact information from the University of Liverpool according to an article, Five secrets about the Dark Web you didn’t know from CloudPro. This piece speaks to perception that the Dark Web is a risky place for even already publicly available information. The author reports on how the information was compromised,
“A spokeswoman said: “We detected an automated cyber-attack on one of our departmental online booking systems, which resulted in publically available data – surname, email, and business telephone numbers – being released on the internet. We take the security of all university-related data very seriously and routinely test our systems to ensure that all data is protected effectively. We supported the Regional Organised Crime Unit (TITAN) in their investigations into this issue and reported the case to the Information Commissioner’s Office.”
Data security only continues to grow in importance and as a concern for large enterprises and organizations. This incident is an interesting case to be reported, and it was the only story we had not seen published again and again, as it illustrates the public perception of the Dark Web being a playing ground for illicit activity. It brings up the question about what online landscapes are considered public versus private.
Megan Feil, July 7, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
The Computer Chip Inspired by a Brain
July 6, 2016
Artificial intelligence is humanity’s attempt to replicate the complicated thought processes in their own brains through technology. IBM is trying to duplicate the human brain and they have been successful in many ways with supercomputer Watson. The Tech Republic reports that IBM has another success under their belt, except to what end? Check out the article, “IBM’s Brain-Inspired Chip TrueNorth Changes How Computers ‘Think,’ But Experts Question Its Purpose.”
IBM’s TrueNorth is the first computer chip with an one million neuron architecture. The chip is a collaboration between Cornell University and IBM with the BARPA SyNAPSE Program, using $100 million in public funding. Most computer chips use the Von Neumann architecture, but the TrueNorth chip better replicates the human brain. TrueNorth is also more energy efficient.
What is the purpose of the TrueNorth chip, however? IBM created an elaborate ecosystem that uses many state of the art processes, but people are still wondering what the real world applications are:
“ ‘…it provides ‘energy-efficient, always-on content generation for wearables, IoT devices, smartphones.’ It can also give ‘real-time contextual understanding in automobiles, robotics, medical imagers, and cameras.’ And, most importantly, he said, it can ‘provide volume-efficient, unprecedented neural network acceleration capability per unit volume for cloud-based streaming processing and provide volume, energy, and speed efficient multi-modal sensor fusion at an unprecedented neural network scale.’”
Other applications include cyber security, other defense goals, and large scale computing and hardware running on the cloud. While there might be practical applications, people still want to know why IBM made the chip?
” ‘It would be as if Henry Ford decided in 1920 that since he had managed to efficiently build a car, we would try to design a car that would take us to the moon,’ [said Nir Shavit, a professor at MIT’s Computer Science and Artificial Intelligence Laboratory]. ‘We know how to fabricate really efficient computer chips. But is this going to move us towards Human quality neural computation?’ Shavit fears that its simply too early to try to build neuromorphic chips. We should instead try much harder to understand how real neural networks compute.’”
Why would a car need to go to the moon? It would be fun to go to the moon, but it doesn’t solve a practical purpose (unless we build a civilization on the moon, although we are a long way from that). It continues:
” ‘The problem is,’ Shavit said, ‘that we don’t even know what the problem is. We don’t know what has to happen to a car to make the car go to the moon. It’s perhaps different technology that you need. But this is where neuromorphic computing is.’”
In other words, it is the theoretical physics of computer science.
Whitney Grace, July 6, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Wait, the Dark Web Is Legal?
July 5, 2016
For research purposes, I surf the Dark Web on a regular basis. It is like skulking around the back alleys of a major city and witnessing all types of crime, but keeping to yourself. I have seen a few Web sites that could be deemed as legal, but most of the content I peruse is illegal: child pornography, selling prescription drugs, and even a hitman service. I have begun to think that everything on the Dark Web is illegal, except Help Net Security tells me that “Dark Web Mapping Reveals That Half Of The Content Is Legal.”
The Centre for International Governance Innovation (CIGI) conducted global survey and discovered that seven in ten (71%) of the surveyors believe the Dark Web needs to be shut down. There is speculation if the participants eve had the right definition about what the Dark Web is and might have confused the terms “Dark Web” and “Dark Net”.
Darksum, however, mapped the Tor end of the Dark Web and discovered some interesting facts:
- “Of the 29,532 .onion identified during the sampling period – two weeks in February 2016 – only 46% percent could actually be accessed. The rest were likely stort-lived C&C servers used to manage malware, chat clients, or file-sharing applications.
- Of those that have been accessed and analyzed with the companies’ “machine-learning” classification method, less than half (48%) can be classified as illegal under UK and US law. A separate manual classification of 1,000 sites found about 68% of the content to be illegal under those same laws.”
Darksum’s goal is to clear up misconceptions about the Dark Web and to better understand what is actually on the hidden sector of the Internet. The biggest hope is to demonstrate the Dark Web’s benefits.
Whitney Grace, July 5, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Google Throws Hat in Ring as Polling Service for Political Campaigns
July 4, 2016
The article on Silicon Angle titled Google is Pitching Its Polling Service at Journos, Politicians…Also, Google Has a Polling Division explores the recent discovery of Google’s pollster ambitions. Compared to other projects Google has undertaken, this desire to join Gallup and Nielsen as a premier polling service seems downright logical. Google is simply taking advantage of its data reach to create Google Consumer Surveys. The article explains,
“Google collects the polling data for the service through pop-up survey boxes before a news article is read, and through a polling application…The data itself, while only representative of people on the internet, is said to be a fair sample nonetheless, as Google selects its sample by calculating the age, location, and demographics of those participating in each poll by using their browsing and search history…the same technology used by Google’s ad services including DoubleClick and AdWords.”
Apparently Google employees have been pitching their services to presidential and congressional campaign staffers, and at least one presidential candidate ran with them. As the article states, the entire project is a “no-brainer,” even with the somewhat uncomfortable idea of politicians gaining access to Google’s massive data trove. Let’s limit this to polling before Google gets any ideas about the census and call it a day.
Chelsea Kerwin, July 4, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Enterprise Search Is Stuck in the Past
July 4, 2016
Enterprise search is one of the driving forces behind an enterprise system because the entire purpose of the system is to encourage collaboration and quickly find information. While enterprise search is an essential tool, according to Computer Weekly’s article. “Beyond Keywords: Bringing Initiative To Enterprise Search” the feature is stuck in the past.
Enterprise search is due for an upgrade. The amount of enterprise data has increased, but the underlying information management system remains the same. Structured data is easy to make comply with the standard information management system, however, it is the unstructured data that holds the most valuable information. Unstructured information is hard to categorize, but natural language processing is being used to add context. Ontotext combined natural language processing with a graph database, allowing the content indexing to make more nuanced decisions.
We need to level up the basic keyword searching to something more in-depth:
“Search for most organisations is limited: enterprises are forced to play ‘keyword bingo’, rephrasing their question multiple times until they land on what gets them to their answer. The technologies we’ve been exploring can alleviate this problem by not stopping at capturing the keywords, but by capturing the meaning behind the keywords, labeling the keywords into different categories, entities or types, and linking them together and inferring new relationships.”
In other words, enterprise search needs the addition of semantic search in order to add context to the keywords. A basic keyword search returns every result that matches the keyword phrase, but a context-driven search actually adds intuition behind the keyword phrases. This is really not anything new when it comes to enterprise or any kind of search. Semantic search is context-driven search.
Whitney Grace, July 4, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
DuckDuckGo Sees Apparent Exponential Growth
July 1, 2016
The Tor-enabled search engine DuckDuckGo has received attention recently for being an search engine that does not track users. We found their activity report that shows a one year average of their direct queries per day. DuckDuckGo launched in 2008 and offers an array of options to prevent “search leakage”. Their website defines this term as the sharing of personal information, such as the search terms queried. Explaining a few of DuckDuckGo’s more secure search options, their website states:
“Another way to prevent search leakage is by using something called a POST request, which has the effect of not showing your search in your browser, and, as a consequence, does not send it to other sites. You can turn on POST requests on our settings page, but it has its own issues. POST requests usually break browser back buttons, and they make it impossible for you to easily share your search by copying and pasting it out of your Web browser’s address bar.
Finally, if you want to prevent sites from knowing you visited them at all, you can use a proxy like Tor. DuckDuckGo actually operates a Tor exit enclave, which means you can get end to end anonymous and encrypted searching using Tor & DDG together.”
Cybersecurity and privacy have become hot topics since Edward Snowden made headlines in 2013, which is notably when DuckDuckGo’s exponential growth begins to take shape. Recognition of Tor also became more mainstream around that time, 2013, which is when the Silk Road shutdown occurred, placing the Dark Web in the news. It appears that starting a search engine focused on anonymity in 2008 was not such a bad idea.
Megan Feil, July 1, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
More Variables Than Technology for Enterprise Security to Consider
June 29, 2016
For all the effort enterprises go to in securing data through technological solutions, there are also other variables to consider: employees. Business Insider released an article, 1 in 5 employees are willing to hand over their work passwords for money, that shares survey research from SailPoint. 20 percent of 1,000 respondents, from organizations with over 1,000 employees, would be willing to sell their work passwords. US employees win the “most likely” award with 27 percent followed by Netherlands with 20 percent, and then UK and France at 16 percent. The article tells us,
“Some employees were willing to sell their passwords for as little as $55 (£38) but most people wanted considerably more, with $82,000 (£56,000) being the global average amount required,according to figures cited by Quartz that weren’t in the report. Unauthorised access to a company’s internal systems could provide a treasure trove of valuable data for criminals. They may be targeting individual user accounts, or they could be after intellectual property, or corporate strategy data.”
Undoubtedly, search and/or cybertheft is easier with a password. While the survey reports findings that may be alarming to organizations, we are left with the question, ‘why’. It may be easy to say morality is the dividing line, but I think this article wrestling with the morality question is on the right track pointing to considering sociological implications, for example, employee engagement and satisfaction cannot be discounted as factors in a decision to sell a password.
Megan Feil, June 29, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
