Bold Hackers
April 27, 2016
It looks like some hackers are no longer afraid of the proverbial light, we learn from “Sony Hackers Still Active, ‘Darkhotel’ Checks Out of Hotel Hacking” at InformationWeek. Writer Kelly Jackson Higgins cites Kaspersky security researcher Juan Andres Guerrero-Saade, who observes that those behind the 2014 Sony hack, thought to be based in North Korea, did not vanish from the scene after that infamous attack. Higgins continues:
“There has been a noticeable shift in how some advanced threat groups such as this respond after being publicly outed by security researchers. Historically, cyber espionage gangs would go dark. ‘They would immediately shut down their infrastructure when they were reported on,’ said Kurt Baumgartner, principal security researcher with Kaspersky Lab. ‘You just didn’t see the return of an actor sometimes for years at a time.’
“But Baumgartner says he’s seen a dramatic shift in the past few years in how these groups react to publicity. Take Darkhotel, the Korean-speaking attack group known for hacking into WiFi networks at luxury hotels in order to target corporate and government executives. Darkhotel is no longer waging hotel-targeted attacks — but they aren’t hiding out, either.
“In July, Darkhotel was spotted employing a zero-day Adobe Flash exploit pilfered from the HackingTeam breach. ‘Within 48 hours, they took the Flash exploit down … They left a loosely configured server’ exposed, however, he told Dark Reading. ‘That’s unusual for an APT [advanced persistent threat] group.’”
Seeming to care little about public exposure, Darkhotel has moved on to other projects, like reportedly using Webmail to attack targets in Southeast Asia.
On the other hand, one group which experts had expected to see more of has remained dark for some time. We learn:
“Kaspersky Lab still hasn’t seen any sign of the so-called Equation Group, the nation-state threat actor operation that the security firm exposed early last year and that fell off its radar screen in January of 2014. The Equation Group, which has ties to Stuxnet and Flame as well as clues that point to a US connection, was found with advanced tools and techniques including the ability to hack air gapped computers, and to reprogram victims’ hard drives so its malware can’t be detected nor erased. While Kaspersky Lab stopped short of attributing the group to the National Security Agency (NSA), security experts say all signs indicate that the Equation Group equals the NSA.”
The Kaspersky team doesn’t think for a minute that this group has stopped operating, but believes it has changed up its communications. Whether a group continues to lurk in the shadows or walks boldly in the open may be cultural, they say; those in the Far East seem to care less about leaving tracks. Interesting.
Cynthia Murrell, April 27, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Research Maps Threat Actors of the Dark Web
April 25, 2016
A vast number of sites, known collectively as the Dark Web, require specialized software (Tor is the most commonly used) to access them. Now the first map of the Dark Web has launched, according to Peeling Back the Onion Part 1: Mapping the #DarkWeb from Zero Day Lab. The map comes from Intelliagg, a threat intelligence service and partner of Zero Day Lab. In analyzing over 30,000 top-level sites, its research found English to be the most common language, and file sharing and leaked data to be the most common categories of hidden marketplace, followed by financial fraud. Hacking comprised only three percent of the sites studied. The write-up describes the importance of this map,
“Until recently it had been difficult to understand the relationships between hidden services and more importantly the classification of these sites. As a security researcher, understanding hidden services such as private chat forums and closed sites, and how these are used to plan and discuss potential campaigns such as DDoS, ransom attacks, kidnapping, hacking, and trading of vulnerabilities and leaked data; is key to protecting our clients through proactive threat intelligence. Mapping these sites back to Threat Actors (groups), is even more crucial as this helps us build a database on the Capability, Infrastructure, and Motivations of the adversary.”
Quite an interesting study, both in topic and in method: the information was gathered through a combination of human analysis and machine learning. Additionally, the research produced an interactive map. Next, how about a map that shows the threat actors and their sites?
Megan Feil, April 25, 2016
Webinjection Code a Key to Security
April 25, 2016
The heady days of open cybercrime discussions on the Dark Web are over, thanks to increasing investigation by law-enforcement. However, CaaS vendors still sell products like exploit kits, custom spam, and access to infected endpoints to those who know where to look. Security Intelligence discusses one of the most popular commodities, webinjection resources, in its article, “Dark Web Suppliers and Organized Cybercrime Gigs.” Reporter Limor Kessem explains:
“Webinjections are code snippets that financial malware can force into otherwise legitimate Web pages by hooking the Internet browser. Once a browser has been compromised by the malware, attackers can use these injections to modify what infected users see on their bank’s pages or insert additional data input fields into legitimate login pages in order to steal information or mislead unsuspecting users.
“Whether made up of HTML code or JavaScript, webinjections are probably the most powerful social engineering tool available to cybercriminals who operate banking Trojan botnets.
“To be considered both high-quality and effective, these webinjections have to seamlessly integrate with the malware’s injection mechanism, display social engineering that corresponds with the target bank’s authentication and transaction authorization schemes and have the perfect look and feel to fool even the keenest customer eye.”
Citing IBM X-Force research, Kessem says there seem to be only a few target-specific webinjection experts operating on the Dark Web. Even cybercriminals who develop their own malware are outsourcing the webinjection code to one of these specialists. This means, of course, that attacks from different groups often contain similar or identical webinjection code. IBM researchers have already used their findings about one such vendor to build specific “indicators of compromise,” which can be integrated into IBM Security products. The article concludes with a suggestion:
“Security professionals can further extend this knowledge to other platforms, like SIEM and intrusion prevention systems, by writing custom rules using information about injections shared on platforms like X-Force Exchange.”
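The kind of custom rule the article recommends, as an added example that is not from the IBM write-up or X-Force Exchange: a captured copy of a bank login page is compared against a baseline of the input fields and inline scripts the genuine page serves, and anything extra is reported as a possible webinjection. The baseline, the page bodies and the names in them are constructed for illustration.

```python
from html.parser import HTMLParser


class PageInventory(HTMLParser):
    """Collects <input> names and the text of inline <script> tags from an HTML page."""

    def __init__(self):
        super().__init__()
        self.fields = set()        # lower-cased name (or id) of every <input>
        self.inline_scripts = []   # body text of each <script> with no src attribute
        self._capture = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input":
            self.fields.add((a.get("name") or a.get("id") or "").lower())
        elif tag == "script" and not a.get("src"):
            self._capture = True
            self.inline_scripts.append("")

    def handle_data(self, data):
        if self._capture:
            self.inline_scripts[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._capture = False


# Constructed baseline: the fields and the single inline script the genuine page serves.
BASELINE_FIELDS = {"username", "password", "csrf_token"}
BASELINE_SCRIPTS = {"initLoginForm();"}


def detect_injection(html, baseline_fields=BASELINE_FIELDS,
                     baseline_scripts=BASELINE_SCRIPTS):
    """Report input fields and inline scripts in `html` that the baseline does not allow."""
    inv = PageInventory()
    inv.feed(html)
    inv.close()
    return {
        "injected_fields": sorted(inv.fields - baseline_fields),
        "unexpected_scripts": [s.strip() for s in inv.inline_scripts
                               if s.strip() not in baseline_scripts],
    }


# Constructed sample: the login page as the bank serves it ...
CLEAN_PAGE = """<form action="/login" method="post">
<input name="username"><input name="password" type="password">
<input name="csrf_token" type="hidden"><script>initLoginForm();</script></form>"""

# ... and the same page as rendered on an infected endpoint: two extra data-entry
# fields and a foreign inline script have been spliced in before the form is shown.
INJECTED_PAGE = CLEAN_PAGE.replace(
    '<input name="csrf_token"',
    '<input name="card_pin"><input name="mother_maiden_name"><input name="csrf_token"',
).replace("</form>", "<script>hookLoginForm();</script></form>")

if __name__ == "__main__":
    print(detect_injection(INJECTED_PAGE))
```

In a SIEM or IPS deployment the baseline would be maintained per protected page and the captured HTML would come from endpoint or proxy telemetry rather than a string literal.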
Cynthia Murrell, April 25, 2016
Watson Lacks Conversation Skills and He Is Not Evil
April 22, 2016
When I was in New York last year, I was walking on the west side when I noticed several other pedestrians moving out of the way of a man mumbling to himself. Doing as the natives do, I moved aside and heard the man rumble about how, “The robots are taking over and soon they will be ruling us. You all are idiots for not listening to me.” Fear of a robot apocalypse has been constant since computer technology gained precedence and we also can thank science-fiction for perpetuating it. Tech Insider says in “Watson Can’t Actually Talk To You Like In The Commercials” Elon Musk, Bill Gates, Stephen Hawking, and other tech leaders have voiced their concerns about creating artificial intelligence that is so advanced it can turn evil.
IBM wants people to believe otherwise, which explains its recent PR campaign with commercials that depict Watson carrying on conversations with people. The idea is that people will think AI is friendly, here to augment our jobs and help us overall. There is some deception on IBM’s part, however. Watson cannot actually carry on a conversation with a person; people communicate with it through a UI, such as a program on a desktop or tablet. Also, there is more than one Watson, and each is programmed for different functions, like diagnosing diseases or cooking.
“So remember next time you see Watson carrying on a conversation on TV that it’s not as human-like as it seems… ‘Humor is a great way to connect with a much broader audience and engage on a personal level to demystify the technology,’ Ann Rubin, Vice President IBM Content and Global Creative, wrote in an email about the commercials. ‘The reality is that these technologies are being used in our daily lives to help people.’”
If artificial intelligence does become advanced enough to be capable of thought and reason comparable to a human’s, that is worrisome. It might require that certain laws be put into place to maintain control over the artificial “life.” That day is a long way off, however; until then, embrace robots that help improve life.
Whitney Grace, April 22, 2016
Google Removes Pirate Links
April 21, 2016
A few weeks ago, YouTube was abuzz with discontent from some of its most popular stars. Their channels had been shut down due to copyright claims by third parties, even though the content in question fell under the Fair Use defense. YouTube is not the only one that has to deal with copyright claims. TorrentFreak reports that “Google Asked To Remove 100,000 ‘Pirate Links’ Every Hour.”
Google handles, on average, two million DMCA takedown notices from copyright holders about pirated content. TorrentFreak discovered that the number has doubled since 2015 and quadrupled since 2014. That breaks down to one hundred thousand per hour. If the rate continues, Google will deal with one billion DMCA notices this year, whereas it had previously taken a decade to reach that number.
“While not all takedown requests are accurate, the majority of the reported links are. As a result many popular pirate sites are now less visible in Google’s search results, since Google downranks sites for which it receives a high number of takedown requests. In a submission to the Intellectual Property Enforcement Coordinator a few months ago Google stated that the continued removal surge doesn’t influence its takedown speeds.”
Google does not take broad sweeping actions, such as removing entire domain names from search indexes, as it does not want to become a censorship board. The copyright holders, though, are angry and want Google to promote only legal services over the hundreds of thousands of Web sites that pop up with illegal content. The battle is compared to an endless whack-a-mole game.
Pirated content does harm the economy, but the numbers are far lower than the huge copyright holders claim. The smaller players who launch DMCA takedowns are hurt more. YouTube stars, on the other hand, are the butt of an unfunny joke, and it would be wise for the rules to be revised.
Whitney Grace, April 21, 2016
Digging for a Direction of Alphabet Google
April 21, 2016
Is Google trying to emulate BAE Systems’ NetReveal, IBM i2, and systems from Palantir? Looking back at an older article from Search Engine Watch, How the Semantic Web Changes Everything for Search, may provide insight. At that time, Knowledge Graph had just launched, and along with it came a wave of communications generating buzz about a new era of search, moving from string-based queries to a semantic approach that organizes by “things”. The write-up explains,
“The cornerstone of any march to a semantic future is the organization of data and in recent years Google has worked hard in the acquisition space to help ensure that they have both the structure and the data in place to begin creating “entities”. In buying Wavii, a natural language processing business, and Waze, a business with reams of data on local traffic and by plugging into the CIA World Factbook, Freebase and Wikipedia and other information sources, Google has begun delivering in-search info on people, places and things.”
The article noted the implication of Knowledge Graph for Google: delivering stronger and more relevant advertising through this semantic approach. Even today, we see the Alphabet Google thing continuing to shift from search to other interesting information access functions in order to sell ads.
Megan Feil, April 21, 2016
Lessons to Learn from Instagram Translation Systems
April 20, 2016
Social media services attempt to eliminate the publishing of pornographic content on their sites through a combination of user reporting and algorithms. However, the Daily Star reports Shock as one million explicit porn films found on Instagram. This content existed on Instagram despite its no-nudity policy. According to the article, many of the pornographic videos and photos were removed after the news broke. Summarizing how the content was initially published, the article states,
“The videos were unearthed by tech blogger Jed Ismael, who says he’s discovered over one million porn films on the site. Speaking on his blog, Ismael said: ‘Instagram has banned certain English explicit hashtags from being shown in search. Yet users seem to find a way around the policy, by using non-English terms or hashtags. I came across this discovery by searching for the hashtag “?????” which means movies in Arabic.’ Daily Star Online has performed our own search and easily found hardcore footage without the need for age verification checks.”
While Tor has typically been seen as the home for such services, it appears some users have found a workaround. Who needs the Dark Web? As for those online translation systems, perhaps some services should consider their utility.
Megan Feil, April 20, 2016
Mindbreeze Breaks into Slovak Big Data Market Through Partnership with Medialife
April 18, 2016
The article titled Mindbreeze and MEDIALIFE Launch Strategic Partnership on BusinessWire discusses what the partnership means for the Slovak and Czech enterprise search markets. MediaLife emphasizes its concentrated approach to document management systems for Slovak customers in need of large systems for the management, processing, and storage of documents. The article details,
“Based on this partnership, we provide our customers innovative solutions for fast access to corporate data, filtering of relevant information, data extraction and their use in automated sorting (classification)… Powerful enterprise search systems for businesses must recognize relationships among different types of information and be able to link them accordingly. Mindbreeze InSpire Appliance is easy to use, has a high scalability and shows the user only the information which he or she is authorized to view.”
Daniel Fallmann, founder and CEO of Mindbreeze, complimented himself on his selection of a partner in MediaLife and licked his chops at the prospect of the new Eastern European client base opened to Mindbreeze through the partnership. Other Mindbreeze partners exist in Italy, the UK, Germany, Mexico, Canada, and the USA, as the company advances its mission to supply enterprise search appliances as well as big data and knowledge management technologies.
Chelsea Kerwin, April 18, 2016
First Surface Web Map of the Dark Web
April 15, 2016
Interested in a glimpse of the Dark Web without downloading Tor and navigating it yourself? E-Forensics Magazine published Peeling back the onion part 1: Mapping the Dark Web by Stuart Peck, which shares an overview of the services and content in this anonymity-oriented internet. A new map covering the contents of the Dark Web, the first to do so, was recently launched by Intelliagg, a threat intelligence service and key partner of ZeroDayLab. The write-up explains,
“But this brings me to my previous point why is this map so important? Until recently, it had been difficult to understand the relationships between hidden services, and more importantly the classification of these sites. As a security researcher, understanding hidden services, such as private chat forums and closed sites, and how these are used to plan and discuss potential campaigns, such as DDoS, Ransom Attacks, Kidnapping, Hacking, and Trading of Vulnerabilities and leaked data, is key to protecting our clients through proactive threat intelligence.”
Understanding the layout of an online ecosystem is an important first step for researchers or related business ventures. But what about a visualization showing how these web services connect to functions, such as financial and other services, and to brick-and-mortar establishments? It is also important to note that while this may be the first Surface Web map of the Dark Web, navigational “maps” on .onion sites have existed for as long as users have been browsing Tor.
Megan Feil, April 15, 2016
Microsoft Azure Plans Offers Goldilocks and Three Bears Strategy to Find Perfect Fit
April 15, 2016
The article on eWeek titled Microsoft Debuts Azure Basic Search Tier relates the perks of the new plan from Microsoft, namely, that it is cheaper than the others. At $75 per month (currently half off for the preview period, so get it while it’s hot!), the Basic Azure plan has lower indexing capacity, but that is the intention. The completely Free plan enables indexing of 10,000 documents and allows 50 megabytes of storage, while the new Basic plan goes up to a million documents. The more expensive Standard plan costs $250/month and provides for up to 180 million documents and 300 gigabytes of storage. The article explains,
“The new Basic tier is Microsoft’s response to customer demand for a more modest alternative to the Standard plans, said Liam Cavanagh, principal program manager of Microsoft Azure Search, in a March 2 announcement. “Basic is great for cases where you need the production-class characteristics of Standard but have lower capacity requirements,” he stated. Those production-class capabilities include dedicated partitions and service workloads (replicas), along with resource isolation and service-level agreement (SLA) guarantees, which are not offered in the Free tier.”
So just how efficient is Azure? Cavanagh stated that his team measured indexing performance at 15,000 documents per minute (although he also stressed that this was with batches of 1,000 documents). With this new plan, Microsoft continues to build out its cloud’s search capabilities.
Chelsea Kerwin, April 15, 2016