Baidu Hopes Transparency Cleans up Results

July 28, 2016

One of the worries about using commercial search engines is that search results are polluted with paid links. In the United States, paid results are differentiated from organic results with a little banner or font change. It is not so within China, and Seeking Alpha shares an interesting story about a Chinese search engine, “Baidu Cleans Up Search Site, Eyes Value.” Baidu recently did a major overhaul of its search engine, which was due a long, long time ago. Baidu was more interested in generating profits than in providing its users a decent service. Baidu neglected to inform its users that paid links appeared alongside organic results, but now they have been separated out like paid links in the US.

Results are cleaner, but it did not come in time to help one user:

“For anyone who has missed this headline-grabbing story, the crisis erupted after 21-year-old cancer patient Wei Zexi used Baidu to find a hospital to treat his disease. He trusted the hospital he chose partly because it appeared high in Baidu’s results. But he was unaware the hospital got that ranking because it paid the most in an online auctioning system that has helped to make Baidu hugely profitable. Wei later died after receiving an ineffective experimental treatment, though not before complaining loudly about how he was misled.”

The resulting PR nightmare forced Baidu to clean up its digital act. This example outlines one of the many differences between US and Chinese business ethics. On average the US probably has more educated consumers than China, who will call out companies when they notice ethical violations. While it is true US companies are willing to compromise ethics for a buck, at least once they are caught they cannot avoid the fallout. China, on the other hand, does what it wants when it wants.


Whitney Grace, July 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph


Publicly Available Information Is Considered Leaked When on Dark Web

July 7, 2016

What happens when publicly available information is leaked to the Dark Web? This happened recently with staff contact information from the University of Liverpool, according to the article “Five Secrets About the Dark Web You Didn’t Know” from CloudPro. The piece speaks to the perception that the Dark Web is a risky place even for information that is already public. The author reports on how the information was compromised:

“A spokeswoman said: “We detected an automated cyber-attack on one of our departmental online booking systems, which resulted in publically available data – surname, email, and business telephone numbers – being released on the internet. We take the security of all university-related data very seriously and routinely test our systems to ensure that all data is protected effectively. We supported the Regional Organised Crime Unit (TITAN) in their investigations into this issue and reported the case to the Information Commissioner’s Office.”

Data security only continues to grow in importance and as a concern for large enterprises and organizations. This incident is an interesting case; it was the only story in the piece we had not already seen published again and again, and it illustrates the public perception of the Dark Web as a playground for illicit activity. It raises the question of which online landscapes are considered public and which private.


Megan Feil, July 7, 2016


Websites Found to Be Blocking Tor Traffic

June 8, 2016

Discrimination or wise precaution? Perhaps both? MakeUseOf tells us, “This Is Why Tor Users Are Being Blocked by Major Websites.” A recent study (PDF) by the University of Cambridge; University of California, Berkeley; University College London; and International Computer Science Institute, Berkeley confirms that many sites are actively blocking users who approach through a known Tor exit node. Writer Philip Bates explains:

“Users are finding that they’re faced with a substandard service from some websites, CAPTCHAs and other such nuisances from others, and in further cases, are denied access completely. The researchers argue that this: ‘Degraded service [results in Tor users] effectively being relegated to the role of second-class citizens on the Internet.’ Two good examples of prejudiced hosting and content delivery firms are CloudFlare and Akamai — the latter of which either blocks Tor users or, in the case of Macys.com, infinitely redirects. CloudFlare, meanwhile, presents CAPTCHA to prove the user isn’t a malicious bot. It identifies large amounts of traffic from an exit node, then assigns a score to an IP address that determines whether the server has a good or bad reputation. This means that innocent users are treated the same way as those with negative intentions, just because they happen to use the same exit node.”

The article goes on to discuss legitimate reasons users might want the privacy Tor provides, as well as reasons companies feel they must protect their websites from anonymous users. Bates notes that there is not much one can do about such measures. He does point to Tor’s own Don’t Block Me project, which is working to convince sites to stop blocking people just for using Tor. It is also developing a list of best practices that concerned sites can follow instead. One site, GameFAQs, has reportedly lifted its block, and CloudFlare may be considering a similar move. Will the momentum build, or must those who protect their online privacy resign themselves to being treated with suspicion?


Cynthia Murrell, June 8, 2016


European Companies Help Egypt Spy on Citizens

June 2, 2016

It seems that, as Egypt was brutally repressing citizens during the massive protests of 2010 and 2011, European companies were selling citizen-surveillance tech to that country’s secret spy agency. Hammerhead Combat Systems shares the article, “Espionage Files: European Companies Sold Spy Tech to a Secret Egyptian Intelligence Unit Amid Brutal Repression.” The article cites a report from Privacy International; writer Namir Shabibi tells us:

“The investigation, entitled ‘The President’s Men? Inside the Technical Research Department, the secret player in Egypt’s intelligence infrastructure,’ is the first to shed light on the growth of the TRD intelligence unit, its pivotal role in Egyptian intelligence apparatus and its links to European companies.

“The TRD’s growth is consistent with claims by human rights defenders that the Egyptian security service was in reality untouched by the revolution. Instead, it quietly went about strengthening itself under the cover of political turmoil.

“The report implicates two European companies in the sale of surveillance technology to TRD. At the time of mass protests in Egypt between 2010-11, it claims Nokia Siemens Networks provided the TRD mass surveillance capabilities including an interception management system and a monitoring center.

“Moreover, according to Privacy International, leaked emails from Italian surveillance equipment seller Hacking Team dated from last year show that it expected to earn a million euros from the sale of intrusive surveillance technologies to the unit. The technology would allow TRD complete access to the computers and smartphones of targeted individuals.”

Note that Nokia Siemens owns Trovicor, which does real-time surveillance and intercepts. The article states that former President Hosni Mubarak used the TRD to fight his political opponents and that the system may date back as far as Anwar Sadat’s rule. Seemingly unabashed, Hacking Team asserts they are in compliance with Italian regulations. On the other hand, European Member of Parliament Marietje Schaake suspects these two companies have violated existing EU rules and, if not, insists new rules must be created immediately. See the piece (originally published at Vice News), or navigate to the Privacy International report itself, for more details.


Cynthia Murrell, June 3, 2016


Open Source Software Needs a Micro-Payment Program

May 27, 2016

Open source software is an excellent idea, because it allows programmers across the globe to share and contribute to the same project. It also creates a think-tank-like environment that can be applied (arguably) to any tech field. There is a downside to open source and Creative Commons software, and that is that it is not a sustainable model. Open Source Everything For The 21st Century discusses the issue in its post “Robert Steele: Should Open Source Code Have A PayPal Address & AON Sliding Scale Rate Sheet?”

The post explains that open source delivers an unclear message about how code is generated: it comes from the greater whole rather than from a few people. It also is not sustainable, because people need funds to survive as well as to maintain the open source software. Fair Source is a reasonable solution: users are charged if the software is used at a company with fifteen or more employees, but it too is not sustainable.

Micro-payments, small payments of a few cents, might be the ultimate solution.  Robert Steele wrote that:

“I see the need for bits of code to have embedded within them both a PayPal-like address able to handle micro-payments (fractions of a cent), and a CISCO-like Application Oriented Network (AON) rules and rate sheet that can be updated globally with financial-level latency (which is to say, instantly) and full transparency. Some standards should be set for payment scales, e.g. 10 employees, 100, 1000 and up; such that a package of code with X number of coders will automatically begin to generate PayPal payments to the individual coders when the package hits N use cases within Z organizational or network structures.”

Micro-payments are not a bad idea, and they have occasionally been put into practice, but not very widely. No one has really pioneered an effective system for them.

Steele is also an advocate for “…Internet access and individual access to code is a human right, devising new rules for a sharing economy in which code is a cost of doing business at a fractional level in comparison to legacy proprietary code — between 1% and 10% of what is paid now.”

It is the ideal version of the Internet, where people are able to make money from their content and creations, users’ privacy is maintained, and ethics are respected. The current trouble with YouTube channels and copyright comes to mind, as does stolen information sold on the Dark Web and the desire to eradicate online bullying.


Whitney Grace, May 27, 2016

DGraph Labs Startup Aims to Fill Gap in Graph Database Market

May 24, 2016

The article on GlobeNewsWire titled “Ex-Googler Startup DGraph Labs Raises US$1.1 Million in Seed Funding Round to Build Industry’s First Open Source, Native and Distributed Graph Database” names Bain Capital Ventures and Blackbird Ventures as the main investors in the startup. Manish Jain, founder and CEO of DGraph, worked on Google’s Knowledge Graph Infrastructure for six years. He explains the technology:

“Graph data structures store objects and the relationships between them. In these data structures, the relationship is as important as the object. Graph databases are, therefore, designed to store the relationships as first class citizens… Accessing those connections is an efficient, constant-time operation that allows you to traverse millions of objects quickly. Many companies including Google, Facebook, Twitter, eBay, LinkedIn and Dropbox use graph databases to power their smart search engines and newsfeeds.”

Among the many applications of graph databases are the Internet of Things, behavior analysis, medical and DNA research, and AI. So what is DGraph going to do with its fresh funds? Jain wants to focus on forging a talented team of engineers and developing the company’s core technology. He notes in the article that this sort of work is hardly the typical obstacle faced by a startup, but rather the focus of major tech companies like Google or Facebook.


Chelsea Kerwin, May 24, 2016


Tech Savvy Users Turn to DuckDuckGo

May 18, 2016

A recent report from SimilarWeb tells us what sorts of people turn to Internet search engine DuckDuckGo, which protects users’ privacy, over a more prominent engine, Microsoft’s Bing. The Search Engine Journal summarizes the results in, “New Research Reveals Who is Using DuckDuckGo and Why.”

The study drew its conclusions by looking at the top five destinations of DuckDuckGo users: Whitehatsec.com, Github.com, NYtimes.com, 4chan.org, and YCombinator.com. Note that four of these five sites have pretty specific audiences, and compare them to the top five, more widely used, sites accessed through Bing: MSN.com, Amazon.com, Reddit.com, Google.com, and Baidu.com.

Writer Matt Southern observes:

“DuckDuckGo users also like to engage with their search engine of choice for longer periods of time — averaging 9.38 minutes spent on DuckDuckGo vs. Bing.

“Despite its growth over the past year, DuckDuckGo faces a considerable challenge when it comes to getting found by new users. Data shows the people using DuckDuckGo are those who already know about the search engine, with 93% of its traffic coming from direct visits. Only 1.5% of its traffic comes from organic search.

“Roy Hinkis of SimilarWeb concludes by saying the loyal users of DuckDuckGo are those who love tech, and they use DuckDuckGo as an alternative because they’re concerned about having their privacy protected while they search online.”

Though Southern agrees DuckDuckGo needs to do some targeted marketing, he notes traffic to the site has been rising by 22% per year. It is telling that the privacy-protecting engine is most popular among those who understand the technology.


Cynthia Murrell, May 18, 2016


Facebook and Law Enforcement in Cahoots

May 13, 2016

Did you know that Facebook combs your content for criminal intent? American Intelligence Report reveals, “Facebook Monitors Your Private Messages and Photos for Criminal Activity, Reports them to Police.” Naturally, software is the first entity to scan content, using keywords and key phrases to flag items for human follow-up. Of particular interest are “loose” relationships. Reporter Kristan T. Harris writes:

“Reuters’ interview with the security officer explains, Facebook’s software focuses on conversations between members who have a loose relationship on the social network. For example, if two users aren’t friends, only recently became friends, have no mutual friends, interact with each other very little, have a significant age difference, and/or are located far from each other, the tool pays particular attention.

“The scanning program looks for certain phrases found in previously obtained chat records from criminals, including sexual predators (because of the Reuters story, we know of at least one alleged child predator who is being brought before the courts as a direct result of Facebook’s chat scanning). The relationship analysis and phrase material have to add up before a Facebook employee actually looks at communications and makes the final decision of whether to ping the authorities.

“’We’ve never wanted to set up an environment where we have employees looking at private communications, so it’s really important that we use technology that has a very low false-positive rate,’ Sullivan told Reuters.”

Uh-huh. So, one alleged predator has been caught. We’re told potential murder suspects have also been identified this way, with one case awash in 62 pages of Facebook-based evidence. Justice is a good thing, but Harris notes that most people will be uncomfortable with the idea of Facebook monitoring their communications. She goes on to wonder where this will lead; will it eventually be applied to misdemeanors and even, perhaps, to “thought crimes”?

Users of any social media platform must understand that anything they post could eventually be seen by anyone. Privacy policies can be updated without notice, and changes can apply to old as well as new data. And, of course, hackers are always lurking about. I was once cautioned to imagine that anything I post online I might as well be shouting on a public street; that advice has served me well.


Cynthia Murrell, May 13, 2016


New Criminal Landscape Calls for New Approaches

May 9, 2016

The Oxford University Press’s blog discusses law enforcement’s interest in the shady side of the Internet in its post, “Infiltrating the Dark Web.” Writer Andrew Staniforth observes that the growth of crime on the Dark Web calls for new tactics. He writes:

“Criminals conducting online abuses, thefts, frauds, and terrorism have already shown their capacity to defeat Information Communication Technology (ICT) security measures, as well as displaying an indifference to national or international laws designed to stop them. The uncomfortable truth is that as long as online criminal activities remain profitable, the miscreants will continue, and as long as technology advances, the plotters and conspirators who frequent the Dark Web will continue to evolve at a pace beyond the reach of traditional law enforcement methods.

“There is, however, some glimmer of light amongst the dark projection of cybercrime as a new generation of cyber-cops are fighting back. Nowhere is this more apparent than the newly created Joint Cybercrime Action Taskforce (J-CAT) within Europol, who now provide a dynamic response to strengthen the fight against cybercrime within the European Union and beyond Member States borders. J-CAT seeks to stimulate and facilitate the joint identification, prioritisation, and initiation of cross-border investigations against key cybercrime threats and targets – fulfilling its mission to pro-actively drive intelligence-led actions against those online users with criminal intentions.”

The article holds up J-CAT as a model for fighting cybercrime. It also emphasizes the importance of allocating resources for gathering intelligence, and notes that agencies are increasingly focused on solutions that can operate in mobile and cloud environments. Increased collaboration, however, may make the biggest difference in the fight against criminals operating on the Dark Web.


Cynthia Murrell, April 9, 2016



How Hackers Hire

May 7, 2016

Ever wonder how hackers fill job openings, search-related or otherwise? A discussion at the forum tehPARADOX.COM considers, “How Hackers Recruit New Talent.” Poster MorningLightMountain cites a recent study by cybersecurity firm Digital Shadows, which reportedly examined around 100 million websites, both on the surface web and on the dark web, for recruiting practices. We learn:

“The researchers found that the process hackers use to recruit new hires mirrors the one most job-seekers are used to. (The interview, for example, isn’t gone—it just might involve some anonymizing technology.) Just like in any other industry, hackers looking for fresh talent start by exploring their network, says Rick Holland, the vice president of strategy at Digital Shadows. ‘Reputation is really, really key,’ Holland says, so a candidate who comes highly recommended from a trusted peer is off to a great start. When hiring criminals, reputation isn’t just about who gets the job done best: There’s an omnipresent danger that the particularly eager candidate on the other end of the line is actually an undercover FBI agent. A few well-placed references can help allay those fears.”

Recruiters, we’re told, frequently advertise on hacker forums. These groups reach many potential recruits and are often password-protected. However, it is pretty easy to trace anyone who logs into one without bothering to anonymize their traffic. Another option is to advertise on the dark web; researchers say they even found a “sort of Monster.com for cybercrime” there.

The post goes on to discuss job requirements, interviews, and probationary periods. We’re reminded that, no matter how many advanced cybersecurity tools get pushed to market, most attacks are pretty basic; they involve approaches like denial-of-service and SQL injection. So, MorningLightMountain advises, any job-seeking hackers should be good to go if they just keep up those skills.


Cynthia Murrell, May 7, 2016
