First Surface Web Map of the Dark Web
April 15, 2016
Interested in a glimpse of the Dark Web without downloading Tor and navigating it yourself? E-Forensics Magazine published Peeling back the onion part 1: Mapping the Dark Web by Stuart Peck, which shares an overview of services and content in this anonymity-oriented internet. A new map covering the contents of the Dark Web, the first one to do so, was launched recently by a ZeroDayLab key partner, and threat intelligence service Intelliagg. The write-up explains,
“But this brings me to my previous point why is this map so important? Until recently, it had been difficult to understand the relationships between hidden services, and more importantly the classification of these sites. As a security researcher, understanding hidden services, such as private chat forums and closed sites, and how these are used to plan and discuss potential campaigns, such as DDoS, Ransom Attacks, Kidnapping, Hacking, and Trading of Vulnerabilities and leaked data, is key to protecting our clients through proactive threat intelligence.”
Understanding the layout of an online ecosystem is an important first step for researchers or related business ventures. But what about a visualization showing these web services are connected to functions, such as financial and other services, with brick-and-mortar establishments? It is also important to that while this may be the first Surface Web map of the Dark Web, many navigational “maps” on .onion sites that have existed as long as users began browsing on Tor.
Megan Feil, April 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Microsoft Azure Plans Offers Goldilocks and Three Bears Strategy to Find Perfect Fit
April 15, 2016
The article on eWeek titled Microsoft Debuts Azure Basic Search Tier relates the perks of the new plan from Microsoft, namely, that it is cheaper than the others. At $75 per month (and currently half of for the preview period, so get it while it’s hot!) the Basic Azure plan has lower capacity when it comes to indexing, but that is the intention. The completely Free plan enables indexing of 10,000 documents and allows for 50 megabytes of storage, while the new Basic plan goes up to a million documents. The more expensive Standard plan costs $250/month and provides for up to 180 million documents and 300 gigabytes of storage. The article explains,
“The new Basic tier is Microsoft’s response to customer demand for a more modest alternative to the Standard plans, said Liam Cavanagh, principal program manager of Microsoft Azure Search, in a March 2 announcement. “Basic is great for cases where you need the production-class characteristics of Standard but have lower capacity requirements,” he stated. Those production-class capabilities include dedicated partitions and service workloads (replicas), along with resource isolation and service-level agreement (SLA) guarantees, which are not offered in the Free tier.”
So just how efficient is Azure? Cavanagh stated that his team measured the indexing performance at 15,000 documents per minute (although he also stressed that this was with batches organized into groups of 1,000 documents.) With this new plan, Microsoft continues its cloud’s search capabilities.
Chelsea Kerwin, April 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
The Force of the Dark Web May Not Need Sides
April 14, 2016
The name “Dark Web” has sensational language written all over it. Such a label calls for myth-busting articles to be published, such as the recent one from Infosecurity Magazine, The Dark Web — Is It All Bad?. This piece highlights the opinions of James Chappell, CTO and Co-founder of Digital Shadows, who argues the way the Dark Web is portrayed in the media pigeonholes sites accessible by Tor as for criminal purposes. Chappell is quoted,
“Looking at some of the press coverage you could be forgiven for thinking that the Dark Web is solely about criminality,” he told Infosecurity. “In reality, this is not the case and there are many legitimate uses alongside the criminal content that can be found on these services. Significantly – criminality is an internet-wide problem, rather than exclusively a problem limited to just the technologies that are labelled with the Dark Web.”
The author’s allusion to Star Wars’ divided force, between supposed “good” and “bad” seems an appropriate analogy to the two sides of the internet. However, with a slightly more nuanced perspective, could it not be argued that Jedi practices, like those of the Sith, are also questionable? Binaries may be our preferred cultural tropes, as well as the building blocks of computer software programming, but let’s not forget the elements of variability: humans and time.
Megan Feil, April 14, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Tumblr Tumbles, Marking yet Another Poor Investment Decision by Yahoo
April 14, 2016
The article on VentureBeat titled As Tumblr’s Value Head to Zero, a Look at Where It Ranks Among Yahoo’s 5 Worst Acquisition Deals pokes fun at Yahoo’s tendency to spend huge amounts of cash for companies only to watch them immediately fizzle. In the number one slot is Broadcast.com. Remember that? Me neither. But apparently Yahoo doled out almost $6B in 1999 to wade into the online content streaming game only to shut the company down after a few years. And thusly, we have Mark Cuban. Thanks Yahoo. The article goes on with the ranking,
“2. GeoCities: Yahoo paid $3.6 billion for this dandy that let people who knew nothing about the Web make web pages. Fortunately, this was also mostly shut down, and nearly all of its content vanished, saving most of us from a lot GIF-induced embarrassment. 3. Overture: Yahoo paid $1.63 billion in 2003 for this search engine firm after belatedly realizing that some upstart called Google was eating its lunch. Spoiler alert: Google won.”
The article suggests that Tumblr would slide into fourth place given the $1.1B price tag and two year crash and burn. It also capitulates that there are other ways of measuring this list, such as: levels of hard to watch. By that metric, cheaper deals with more obvious mismanagement like the social sites Flickr or Delicious might take the cake.
Chelsea Kerwin, April 14, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
The Story of Google and How It Remains Reliable
April 13, 2016
I noted that Google Books offers a preview of “Site Reliability Engineering: How Google Runs Production System” by a gaggle of Googlers. The book will soon be available from O’Reilly which has given its permission to Google to provide a preview of a book about Google written by Google. You can also find a “summary” of the book at this link. I am not sure who DanLuu is, but the individual “likes this book a lot.” I would, therefore, conclude that he is either a Googler, a Xoogler, or a Googler in waiting.
From the introduction available on Google Books, it seems that the authors are Googlers. The information appears to be an explanation of some of the innovations produced by the Google in the last 15 years, a lot of the philosophy of speed and efficiency, and a bit of Google cheerleading.
What’s the book cover? Here’s a sampling of the subjects:
- A run down of Google’s philosophy of site reliability engineering
- The principles of SRE (eliminating boring manual work, simplicity, etc.)
- Practices (handling problems like cascading failure, data integrity). I would point out that Palantir moved beyond Google’s methods in its rework of Percolator to achieve greater reliability.)
- Management (more of engineering practices than orchestrating humans)
- Conclusions (Google learns which suggests other organizations do not learn).
Each of these sections is chopped into smaller segments. In generate, the writing is less academic than the approach into the technical papers which Googlers deliver at conferences.
You can order the book on Amazon too.
Stephen E Arnold, April 13, 2016
Battlefield Moves Online Forming Cyber Industrial Complex
April 13, 2016
Undoubtedly, in recent decades many processes and products have moved online. Warfare may not be exempt from this migration. Meet The Cyber-Industrial Complex: Private Contractors May Get $7B Windfall From Pentagon’s Cyberwar On ISIS, an article from International Business Times, tells us more. Defense Secretary Ashton Carter recently confirmed U.S. development of digital weapons and training of online soldiers. According to the article,
“Cyberwar threatens to cause havoc worldwide, but it could be good for the U.S. economy and a handful of publicly listed companies. Defense Secretary Ashton Carter, as part of a $582.7 billion budget request to fund his department through 2017, recently said nearly $7 billion of that will be allocated toward improving the military’s ability to develop and deploy offensive cyberweapons. That’s great news for a number of private contractors, who stand to benefit from the spending., and the highly skilled individuals they may end up hiring.”
The article explains these capabilities have been utilized by the U.S. in the past, such as the Kosovo war, but now the U.S. is claiming these tools and tactics. It is an interesting leap to visualize what attacks will evolve to look like on an online battlefield. Equally interesting is the article’s point about conflict being a business opportunity for some; it may also be true to say more problems, more money.
Megan Feil, April 13, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Tips on How to Make the Most of Big Data (While Spending the Least)
April 13, 2016
The article titled The 10 Commandments of Business Intelligence in Big Data on Datanami offers wisdom written on USB sticks instead of stone tablets. In the Business Intelligence arena, apparently moral guidance can take a backseat to Big Data cost-savings. Suggestions include: Don’t move Big Data unless you must, try to leverage your existing security system, and engage in extensive data visualization sharing (think Github). The article explains the importance of avoiding certain price-gauging traps,
“When done right, [Big Data] can be extremely cost effective… That said…some BI applications charge users by the gigabyte… It’s totally common to have geometric, exponential, logarithmic growth in data and in adoption with big data. Our customers have seen deployments grow from tens of billions of entries to hundreds of billions in a matter of months. That’s another beauty of big data systems: Incremental scalability. Make sure you don’t get lowballed into a BI tool that penalizes your upside.”
The Fifth Commandment remind us all that analyzing the data in its natural, messy form is far better than flattening it into tables due to the risk of losing key relationships. The Ninth and Tenth Commandments step back and look at the big picture of data analytics in 2016. What was only a buzzword to most people just five years ago is now a key aspect of strategy for any number of organizations. This article reminds us that thanks to data visualization, Big Data isn’t just for data scientists anymore. Employees across departments can make use of data to make decisions, but only if they are empowered to do so.
Chelsea Kerwin, April 13, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
ID Agent Alerts Government Contractors to Cyber Risk
April 12, 2016
All kinds of information shows up on the Dark Web, including thousands of emails of federal contractors. A recent article from Fierce Government IT, Report: Thousands of contractor emails found on Dark Web, shares several findings from a study conducted by ID Agent, a firm promoting its Dark Web security intelligence product. The study, “Federal Supply Chain Analysis: Cyber Threats from the Dark Web” relied on historical data loss information regarding numbers of email accounts stolen to analyze contracting areas based on their cyber risk.
The write-up expands on where ID Agent sees opportunity,
“Having cyber criminals with access to these accounts is scary enough, but malicious actors operating on the Dark Web have also taken many more forms in recent years. “While stolen personal information is concerning, national and corporate espionage continues to play a major role in the activities conducted via the Dark Web,” the report noted. ID Agent is by no means a disinterested party in disclosing the risk of these email accounts, as it hopes to market its Dark Web ID product that regularly provides this sort of threat intelligence to customers. Still, the study’s findings are a wake-up call to government contractors and the agencies employing them.”
ID Agent uses a proprietary algorithm for situating the risk of various companies and organizations. While this is a new market space, they are certainly not the only game in town when it comes to security and intelligence solutions which take the Dark Web into account. This appears to be an expanding ecosystem.
Megan Feil, April 12, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
What Is the Potential of Social Media?
April 11, 2016
Short honk. I read “How to Hack an Election.” The write up reports that a person was able to rig elections. According to the story:
For $12,000 a month, a customer hired a crew that could hack smartphones, spoof and clone Web pages, and send mass e-mails and texts. The premium package, at $20,000 a month, also included a full range of digital interception, attack, decryption, and defense. The jobs were carefully laundered through layers of middlemen and consultants.
Worth reading and then considering this question:
What are the implications of weaponized information?
Are pundits, mavens, self appointed experts, and real journalists on the job and helping to ensure that information online is “accurate”?
Stephen E Arnold, April 11, 2016
Newly Launched Terbium Software to Monitor Dark Web for Enterprise
April 11, 2016
Impacting groups like Target to JP Morgan Chase, data breaches are increasingly common and security firms are popping up to address the issue. The article Dark Web data hunter Terbium Labs secures $6.4m in fresh funding from ZDNet reports Terbium Labs received $6.4 million in Series A funding. Terbium Labs released software called Matchlight which provides real-time surveillance of the Dark Web and alerts enterprises when their organization’s data surfaces. Consumer data, sensitive company records, and trade secrets are among the types of data for which enterprises are seeking protection. We learned,
“Earlier this month, cloud security firm Bitglass revealed the results of an experiment focused on how quickly stolen data spreads through the Dark Web. The company found that within days, financial credentials leaked to the underground spread to 30 countries across six continents with thousands of users accessing the information.”
While Terbium appears to offer value for stopping a breach once it’s started, what about preventing such breaches in the first place? Perhaps there are opportunities for partnerships with Terbium and players in the prevention arena. Or, then again, maybe companies will buy piecemeal services from individual vendors.
Megan Feil, April 11, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
