The Encrypted Enterprise Search
February 3, 2016
Another enterprise software distributor has taken the leap into a proprietary encrypted search engine. Computer Technology Review informs us that “VirtualWorks Releases Its Encrypted Enterprise Search Platform ViaWorks Built On Hitachi Technology.” VirtualWorks’s enterprise search platform is called ViaWorks, and the company’s decision to release an encrypted search engine comes after a rise in data security breaches as well as concern about how to prevent such attacks. We will not even mention how organizations want to move to the cloud, but are fearful of hacking. More organizations, from shopping in person and on the Internet to banking, healthcare, government, and even visiting a library, use self-service portals that rely on personal information to complete tasks. All of these portals can be hacked, so trade organizations and the government are instituting new security measures.
Everyone knows, however, that basic rules and a firewall are not enough to protect sensitive information. That is why companies like VirtualWorks stay one step ahead of the game with a product like ViaWorks, built on Hitachi’s Searchable Encryption technology. ViaWorks is a highly encrypted platform that does not sacrifice speed and accuracy for security.
“ViaWorks encrypted enterprise search features are based on AES, a worldwide encryption standard established by NIST; special randomization process, making the encrypted data resistant to advanced statistical attacks; with key management and encryption APIs that store encryption keys securely and encrypt the original data. ViaWorks provides key management and encryption APIs that store encryption keys securely and encrypt the original data, respectively. Users determine which field is encrypted, such as index files, search keyword or transaction logs.”
VirtualWorks already deployed ViaWorks in beta tests within healthcare, government, insurance, and finance. Moving information to the cloud saves money, but it presents a security risk and slow search. A commercial encrypted search engine paired with cloud computing limits the cyber risk.
Whitney Grace, February 3, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Anonymity Not Always Secured for Tor and Dark Web Users
January 28, 2016
From the Washington Post comes an article pertinent to investigative security technologies called “This is how the government is catching people who use child porn sites.” This piece outlines the process used by the FBI to uncover a Tor user’s identity, despite the anonymity Tor provides. The article explains how this occurred in one case, unmasking the user Pewter:
“In order to uncover Pewter’s true identity and location, the FBI quietly turned to a technique more typically used by hackers. The agency, with a warrant, surreptitiously placed computer code, or malware, on all computers that logged into the Playpen site. When Pewter connected, the malware exploited a flaw in his browser, forcing his computer to reveal its true Internet protocol address. From there, a subpoena to Comcast yielded his real name and address.”
Some are concerned with the privacy of the thousands of users whose computers are also hacked in processes such as the one described above. The user who was caught in this case is arguing that the government’s use of such tools violated the Fourth Amendment. One federal prosecutor quoted in the article describes the search processes used in this case as a “gray area in the law.” His point, that technology is eclipsing the law, is definitely one that deserves more attention from all angles: the public, governmental agencies, and private companies.
Megan Feil, January 28, 2016
The Ins and Outs of Hacking Software
December 23, 2015
Hacking software is, and could continue to be, a problem. While some government agencies, hacktivist organizations, and software companies are trying to use it for good, terrorist groups, digital thieves, and even law enforcement agencies can use it to spy on and steal data from individuals. The Technology Review shares some interesting stories about how software is being used for benign and harmful purposes in “The Growth Industry Helping Governments Hack Terrorists, Criminals, And Political Opponents.”
The company Hacking Team is discussed at length, along with its Remote Control System software, which can worm its way through security holes in a device and steal valuable information. Governments from around the globe have used the software for crime deterrence and to keep tabs on enemies, but other entities used the software for harmful acts including spying and hacking into political opponents’ computers.
Within the United States, it is illegal to use a Remote Control System without proper authority, but often this happens:
“When police get access to new surveillance technologies, they are often quickly deployed before any sort of oversight is in place to regulate their use. In the United States, the abuse of Stingrays—devices that sweep up information from cell phones in given area—has become common. For example, the sheriff of San Bernardino County, near Los Angeles, deployed them over 300 times without a warrant in the space of less than two years. That problem is only being addressed now, years after it emerged, with the FBI now requiring a warrant to use Stingrays, and efforts underway to force local law enforcement to do the same. It’s easy to imagine a similar pattern of abuse with hacking tools, which are far more powerful and invasive than other surveillance technologies that police currently use.”
It is scary how the software is being used and how governments are skirting around their own laws to use it. It reminds me of how gun control is always a controversial topic. Whenever there is a mass shooting, debates rage about how the shooting would never have happened if there were stricter gun control to keep weapons out of the hands of psychopaths. While the shooter is blamed for the incident, people also place a lot of blame on the gun, as if it were more responsible. As spying, control, and other software becomes more powerful and ingrained in our lives, I imagine there will be debates about “software control” and determining who has the right to use certain programs.
Whitney Grace, December 23, 2015
New Year’s Resolutions in Personal Data Security
December 22, 2015
The article on ITProPortal titled “What Did We Learn in Records Management in 2016 and What Lies Ahead for 2016?” delves into the unlearnt lessons in data security. The article begins with a look back over major data breaches, including Ashley Madison, JP Morgan et al, and Vtech, and gathers from them the trend of personal information being targeted by hackers. The article reports,
“A Crown Records Management Survey earlier in 2015 revealed two-thirds of people interviewed – all of them IT decision makers at UK companies with more than 200 employees – admitted losing important data… human error is continuing to put that information at risk as businesses fail to protect it properly…but there is legislation on the horizon that could prompt change – and a greater public awareness of data protection issues could also drive the agenda.”
The article also makes a few predictions about upcoming developments in our approach to data protection. Among them is the passage of the European Union General Data Protection Regulation (EU GDPR) and the resulting effect on businesses. In terms of apps, the article suggests that more people might start asking questions about the information required to use certain apps (especially when the data they request is completely irrelevant to the functions of the app). The article is generally optimistic, but these developments will only occur if people, businesses, and governments take data breaches and privacy more seriously.
Chelsea Kerwin, December 22, 2015
Bill Legislation Is More Complicated than Sitting on Capitol Hill
December 14, 2015
When I was in civics class back in the day and learning about how a bill became an official law in the United States, my teacher played Schoolhouse Rock’s famous “I’m Just a Bill” song. While that annoying retro earworm still makes the education rounds, the lyrics need to be updated to record some of the new digital “paperwork” that goes into tracking a bill. Engaging Cities focuses on legislation data in “When Lobbyists Write Legislation, This Data Mining Tool Traces The Paper Trail.”
While the process to make a bill might seem simple according to Schoolhouse Rock, it is actually complicated and is even crazier as technology pushes more bills through the legislative process. In 2014, there were 70,000 state bills introduced across the country and no one has the time to read all of them. Technology can do a much better and faster job.
“A prototype tool, presented in September at Bloomberg’s Data for Good Exchange 2015 conference, mines the Sunlight Foundation’s database of more than 500,000 bills and 200,000 resolutions for the 50 states from 2007 to 2015. It also compares them to 1,500 pieces of “model legislation” written by a few lobbying groups that made their work available, such as the conservative group ALEC (American Legislative Exchange Council) and the liberal group the State Innovation Exchange (formerly called ALICE).”
A data-mining tool for government legislation would increase government transparency. The software tracks earmarks in the bills to track how the Congressmen are benefiting their states with these projects. The software analyzed earmarks as far back as 1995 and it showed that there are more than anyone knew. The goal of the project is to scour the data that the US government makes available and help people interpret it, while also encouraging them to be active within the laws of the land.
The article uses the metaphor “needle in a haystack” to describe all of the government data. Government transparency is good, but overloading people with information overwhelms them.
Whitney Grace, December 14, 2015
The State Department Delves into Social Media
October 13, 2015
People and companies that want to increase communication between people create social media platforms. Facebook was invented to take advantage of the digital real-time environment to keep people in contact and form a web of contacts. Twitter was founded for a quicker, more instantaneous form of communication based on short one-hundred-forty-character blurbs. Instagram shares pictures and Pinterest connects ideas via pictures and related topics. Using analytics, the social media companies and other organizations collect data on users and use that information to sell products and services as well as to understand the types of users on each platform.
Social media contains a variety of data that can benefit not only private companies, but government agencies as well. According to GCN’s “State Starts Development On Social Media And Analytics Platform,” the State Department is developing a platform to collaborate and contribute in real time and to schedule and publish across many social media platforms; it will also be mobile-enabled. The platform will also be used to track analytics on social media:
“For analytics, the system will analyze sentiment, track trending social media topics, aggregate location and demographic information, rank of top multimedia content, identify influencers on social media and produce automated and customizable reports.”
The platform will support twenty users and track thirty million mentions each year. The purpose behind the social media and analytics platform is still vague, but the federal government has proven to be behind in understanding and developing modern technology. This appears to be a step forward to upgrade itself, so it does not get left behind. But a social media platform that analyzes data should have been implemented years ago at the start of this big data phenomenon.
Whitney Grace, October 13, 2015
Legacy Servers: Upgrade Excitement
October 2, 2015
Enterprise content management (ECM) systems were supposed to provide an end-all solution for storing and organizing digital data. Data needs to be stored for several purposes: taxes, historical record, research, and audits. Government agencies deployed ECM solutions to manage their huge data loads, but the old information silos are not performing up to modern standards. GCN discusses how government agencies face upgrading their systems in “Migrating Your Legacy ECM Solution.”
When ECMs first came online, information was stored in silos programmed to support even older legacy solutions with niche applications. The repositories are so convoluted that users cannot find any information, to say nothing of upgrading the beasts:
“Aging ECM systems are incapable of fitting into the new world of consumer-friendly software that both employees and citizens expect. Yet, modernizing legacy systems raises issues of security, cost, governance and complexity of business rules — all obstacles to a smooth transition. Further, legacy systems simply cannot keep up with the demands of today’s dynamic workforce.”
Two solutions present themselves: data can be moved from an old legacy system to a new one, or the content can simply be moved out of the silo. The barriers are cost and time, but the users will reap the benefits of upgrades, especially connectivity, cloud, mobile, and social features. There is also the possibility of leaving the content in place and using interoperability standards or cloud-based management to make the data searchable and accessible.
The biggest problem is actually convincing people to upgrade. Why fix what is not broken? Then there is the justification of using taxpayers’ money for the upgrade when the money can be used elsewhere. Round and round the argument goes.
Whitney Grace, October 2, 2015
It Is a Recommended Title
August 24, 2015
Centripetal Networks offers a fully integrated security network specializing in threat-based intelligence. Threat intelligence is being informed about potential attacks, who creates the attacks, and how to prevent them. Think of it as the digital version of “stranger danger.” Centripetal Networks offers combative software using threat intelligence to prevent hacking with real-time results and tailoring for individual systems.
While Centripetal Networks peddles its software, it also shares information sources that expand on threat intelligence, how it pertains to specific industries, and new developments in digital security. Not to brag or anything, but our very own CyberOSINT: Next Generation Information Access made the news page! Take a gander at its description:
“The RuleGate technology continues to remain the leader in speed and performance as an appliance, and its visualization and analytics tools are easy-to-use. Because of federal use and interest, its threat intelligence resources will continue to rank at the top. Cyber defense, done in this manner, is the most useful for its real time capacity and sheer speed in computing.”
CyberOSINT was written for law enforcement officials to gain an understanding of threat intelligence as well as tools they can use to arm themselves against cyber theft and track potential attacks. It profiles companies that specialize in threat intelligence and evaluates them. Centripetal Networks is proudly featured in the book.
Whitney Grace, August 24, 2015
Open Source Tools for IBM i2
August 17, 2015
IBM has made available two open source repositories for the IBM i2 intelligence platform: the Data-Acquisition-Accelerators and Intelligence-Analysis-Platform can both be found on the IBM-i2 page at GitHub. The IBM i2 suite of products includes many parts that work together to give law enforcement, intelligence organizations, and the military powerful data analysis capabilities. For a glimpse of what these products can do, we recommend checking out the videos at the IBM i2 Analyst’s Notebook page. (You may have to refresh the page before the videos will play.)
The Analyst’s Notebook is but one piece, of course. For the suite’s full description, I turned to the product page, IBM i2 Intelligence Analysis Platform V3.0.11. The Highlights summary describes:
“The IBM i2 Intelligence Analysis product portfolio comprises a suite of products specifically designed to bring clarity through the analysis of the mass of information available to complex investigations and scenarios to help enable analysts, investigators, and the wider operational team to identify, investigate, and uncover connections, patterns, and relationships hidden within high-volume, multi-source data to create and disseminate intelligence products in real time. The offerings target law enforcement, defense, government agencies, and private sector businesses to help them maximize the value of the mass of information that they collect to discover and disseminate actionable intelligence to help them in their pursuit of predicting, disrupting, and preventing criminal, terrorist, and fraudulent activities.”
The description goes on to summarize each piece, from the Intelligence Analysis Platform to the Information Exchange Visualizer. I recommend readers check out this page, and, especially, the videos mentioned above for better understanding of this software’s capabilities. It is an eye-opening experience.
Cynthia Murrell, August 18, 2015
Online Ads Discriminate
August 3, 2015
In our modern age, discrimination is supposed to be a thing of the past. When it does appear, people take to the Internet to vent their rage and frustrations, eager to point out this illegal activity. Online ads, however, lack human intelligence and are only as smart as their programmed algorithm. Technology Review explains in “Probing The Dark Side of Google’s Ad-Targeting System” that Google’s ad service makes inaccurate decisions when it comes to gender and other personal information.
A research team at Carnegie Mellon University and the International Computer Science Institute built AdFisher, a tool to track targeted third party ads on Google. AdFisher found that ads were discriminating against female users. Google offers a transparency tool that allows users to select what types of ads appear on their browsers, but even if you use the tool it doesn’t stop some of your personal information from being used.
“What exactly caused those specific patterns is unclear, because Google’s ad-serving system is very complex. Google uses its data to target ads, but ad buyers can make some decisions about demographics of interest and can also use their own data sources on people’s online activity to do additional targeting for certain kinds of ads. Nor do the examples breach any specific privacy rules—although Google policy forbids targeting on the basis of “health conditions.” Still, says Anupam Datta, an associate professor at Carnegie Mellon University who helped develop AdFisher, they show the need for tools that uncover how online ad companies differentiate between people.”
The transparency tool only controls some of the ads and third parties can use their own tools to extract data. Google stands by its transparency tool and even offers users the option to opt-out of ads. Google is studying AdFisher’s results and seeing what the implications are.
The study shows that personal data spills out on the Internet every time we click a link or use a browser. It is frightening how the data can be used and even hurtful if interpreted incorrectly by ads. The bigger question is not how retailers and Google use the data, but how do government agencies and other institutes plan to use it?
Whitney Grace, August 3, 2015

