Legacy Servers: Upgrade Excitement
October 2, 2015
Enterprise management systems (ECM) were supposed to provide an end all solution for storing and organizing digital data. Data needs to be stored for several purposes: taxes, historical record, research, and audits. Government agencies deployed ECM solutions to manage their huge data loads, but the old information silos are not performing up to modern standards. GCN discusses government agencies face upgrading their systems in “Migrating Your Legacy ECM Solution.”
When ECMs first came online, information was stored in silos programmed to support even older legacy solutions with niche applications. The repositories are so convoluted that users cannot find any information and do not even mention upgrading the beasts:
“Aging ECM systems are incapable of fitting into the new world of consumer-friendly software that both employees and citizens expect. Yet, modernizing legacy systems raises issues of security, cost, governance and complexity of business rules — all obstacles to a smooth transition. Further, legacy systems simply cannot keep up with the demands of today’s dynamic workforce.”
Two solutions present themselves: data can be moved from an old legacy system to a new one or simply moving the content from the silo. The barriers are cost and time, but the users will reap the benefits of upgrades, especially connectivity, cloud, mobile, and social features. There is the possibility of leaving the content in place using interoperability standards or cloud-based management to make the data searchable and accessible.
The biggest problem is actually convincing people to upgrade. Why fix what is not broken? Then there is the justification of using taxpayers’ money for the upgrade when the money can be used elsewhere. Round and round the argument goes.
Whitney Grace, October 2, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Not Hacking, but Trickery, Lost Bitpay Almost $2 Million
September 30, 2015
The article titled How a Clever Hacker Tricked a Major Bitcoin Company Out of $1.8 Million on Motherboard shines a light on the manipulation of BitPay,a Bitcoin payment service, by a clever hacker. Apparently the attacker sent an email from BTC Media CEO David Bailey’s computer to a BitPay CFO requesting his corporate email information, which he readily supplied because the two companies were already in talks about a potential partnership. The article clarifies,
“The insurance claim on the lost funds was denied because BitPay’s computers were never hacked—instead, they just gave away their email passwords in what appears to be a classic phishing scam. Phishing is when an attacker send a scammy email in the hopes that the victim is not savvy enough to trash it immediately. …Several months after the hack, BitPay was reportedly processing more than $1 million in payments every day.”
The hacker continued using Bitpay’s executive accounts to request funds, all of which were apparently granted until an employee of the transaction software company, SecondMarket, was notified. The article and court case emphasize that this was not a hacking scenario, just a $1.8 Million phishing scam that people using Craigslist for job searches avoid every day.
Chelsea Kerwin, September 30, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
The Many Applications of Predictive Analytics
September 29, 2015
The article on Computer World titled Technology that Predicts Your Next Security Fail confers the current explosion in predictive analytics, the application of past occurrences to predict future occurrences. The article cites the example of the Kentucky Department of Revenue (DOR), which used predictive analytics to catch fraud. By providing SAS with six years of data the DOR received a batch of new insights into fraud indicators such as similar filings from the same IP address. The article imparts words of wisdom from SANS Institute instructor Phil Hagen,
“Even the most sophisticated predictive analytics software requires human talent, though. For instance, once the Kentucky DOR tools (either the existing checklist or the SAS tool) suspect fraud, the tax return is forwarded to a human examiner for review. “Predictive analytics is only as good as the forethought you put into it and the questions you ask of it,” Hagen warns…. Also It’s imperative that data scientists, not security teams, drive the predictive analytics project.”
In addition to helping the IRS avoid major fails like the 2013 fraudulent refunds totaling $5.8 billion, predictive analytics has other applications. Perhaps most interesting is its use protecting human assets in regions where kidnappings are common by detecting unrest and alerting organizations to lock up their doors. But it is hard to see limitations for technology that so accurately reads the future.
Chelsea Kerwin, September 29, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Watch Anti-Money Laundering Compliances Sink
September 25, 2015
With a title like “AML-A Challenge Of Titanic Proportions” posted on Attivio metaphoric comparisons between the “ship of dreams” and icebergs is inevitable. Anti-money laundering compliances have seen an unprecedented growth between 2011-2014 of 53%, says KPMG’s Global Anti-Money Laundering (AML) Survey. The costs are predicted to increase by more than 25% in the next three years. The biggest areas that are requiring more money, include transaction monitoring systems, Know Your Customer systems, and recruitment/retention systems for AML staff.
The Titanic metaphor plays in as the White Star Line director Bruce Ismay, builder Thomas Andrew, and nearly all of the 3327 passengers believed the ship was unsinkable and the pinnacle of modern technology. The belief that humanity’s efforts would conquer Mother Nature was its downfall. The White Star Line did not prepare the Titanic for disaster, but AML companies are trying to prevent their ships are sinking. Except they cannot account for all the ways thieves can work around their system, just as the Titanic could not avoid the iceberg.
“Systems need to be smarter – even capable of learning patterns of transaction and ownership. Staff needs more productive ways of investigating and positively concluding their caseload. Alerting methods need to generate fewer ‘false positives’ – reducing the need for costly human investigation. New sources of information that can provide evidence need to come online faster and quickly correlate with existing data sources.”
The Titanic crew accidentally left the binoculars for the crow’s nest in England, which did not help the lookouts. The current AML solutions are like the forgotten binoculars and pervasive action needs to be taken to avoid the AML iceberg.
Whitney Grace, September 25, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Rundown on Legal Knowledge Management
September 24, 2015
One of the new legal buzzwords is knowledge management and not just old-fashioned knowledge management, but rather quick, efficient, and effective. Time is an expensive commodity for legal professionals, especially with the amount of data they have to sift through for cases. Mondaq explains the importance of knowledge management for law professionals in the article, “United States: A Brief Overview Of Legal Knowledge Management.”
Knowledge management first started in creating an effective process for managing, locating, and searching relevant files, but it quickly evolved into implementing a document managements system. While knowledge management companies offered law practices decent document management software to tackle the data hill, an even bigger problem arose. The law practices needed a dedicated person to be software experts:
“Consequently, KM emphasis had to shift from finding documents to finding experts. The expert could both identify useful documents and explain their context and use. Early expertise location efforts relied primarily on self-rating. These attempts almost always failed because lawyers would not participate and, if they did, they typically under- or over-rated themselves.”
The biggest problem law professional face is that they might invest a small fortune in a document management license, but they do not know how to use the software or do not have the time to learn. It is a reminder that someone might have all the knowledge and best tools at their fingertips, but unless people have the knowledge on how to use and access it, the knowledge is useless.
Whitney Grace, September 24, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Microsoft Upgrades Test New Search Feature
September 23, 2015
It is here at last! After several years, Microsoft has finally upgrades its SharePoint and it comes with an exciting list of brand new features. That is not all Microsoft released an upgrade for; Microsoft’s new cloud hybrid search also has a beta. PC World examines the new Microsoft betas in the article, “Microsoft Tests SharePoint 2014 And Enterprise Cloud Hybrid Search.”
SharePoint, the popular collaborative content platform, is getting well deserved upgrade that will allow users to finally upload files up to ten gigabytes, a new App Launcher for easier accessibility for applications, simplified file sharing controls, and better accessibility on mobile devices. As with all Microsoft upgrades, however, it is recommended that SharePoint 2016 is not downloaded into the product environment.
The new cloud hybrid search will make it easier for users to locate files across various Office 365 programs:
“On top of the SharePoint beta, Microsoft’s new cloud hybrid search feature will allow Office 365 users who also run on-premises SharePoint servers to easily access both the files stored in their company’s servers as well as those stored in Microsoft’s cloud. This means that Microsoft Delve, which gives users an at-a-glance view of their team members’ work, can show files that are stored in a company’s servers and in Microsoft’s servers side by side.”
The new search feature will ease server’s workload for creating and maintaining search indices. Microsoft is encouraging organizations to switch to its cloud services, but it still offers products and support for on-site packages.
While the cloud offers many conveniences, such as quick access to files and for users to be able to work from any location, the search function will increase an ease of use. However, security is still a concern for many organizations that prefer to maintain on-site servers.
Whitney Grace, September 23, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Content Matching Helps Police Bust Dark Web Sex Trafficking Ring
September 4, 2015
The Dark Web is not only used to buy and sell illegal drugs, but it is also used to perpetuate sex trafficking, especially of children. The work of law enforcement agencies working to prevent the abuse of sex trafficking victims is detailed in a report by the Australia Broadcasting Corporation called “Secret ‘Dark Net’ Operation Saves Scores Of Children From Abuse; Ringleader Shannon McCoole Behind Bars After Police Take Over Child Porn Site.” For ten months, Argos, the Queensland, police anti-pedophile taskforce tracked usage on an Internet bulletin board with 45,000 members that viewed and uploaded child pornography.
The Dark Web is notorious for encrypting user information and that is one of the main draws, because users can conduct business or other illegal activities, such as view child pornography, without fear of retribution. Even the Dark Web, however, leaves a digital trail and Argos was able to track down the Web site’s administrator. It turned out the administrator was an Australian childcare worker who had been sentenced to 35 years in jail for sexually abusing seven children in his care and sharing child pornography.
Argos was able to catch the perpetrator by noticing patterns in his language usage in posts he made to the bulletin board (he used the greeting “hiya”). Using advanced search techniques, the police sifted through results and narrowed them down to a Facebook page and a photograph. From the Facebook page, they got the administrator’s name and made an arrest.
After arresting the ringleader, Argos took over the community and started to track down the rest of the users.
” ‘Phase two was to take over the network, assume control of the network, try to identify as many of the key administrators as we could and remove them,’ Detective Inspector Jon Rouse said. ‘Ultimately, you had a child sex offender network that was being administered by police.’ ”
When they took over the network, the police were required to work in real-time to interact with the users and gather information to make arrests.
Even though the Queensland police were able to end one Dark Web child pornography ring and save many children from abuse, there are still many Dark Web sites centered on child sex trafficking.
Whitney Grace, September 4, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Does This Autonomous Nerf Gun Herald the Age of Killer Robots?
September 3, 2015
Well here’s something interesting that has arisen from HP’s “disastrous” $11 billion acquisition of Autonomy: check out this three-minute YouTube video: “See What You Can Create with HP IDOL OnDemand.” The fascinating footage reveals the product of developer Martin Zerbib’s “little project,” made possible with IDOL OnDemand and a Nerf gun. Watch as the system targets a specific individual, a greedy pizza grabber, a napping worker, and a thief. It seems like harmless fun, until you realize how gruesome this footage would be if this were a real gun.
It is my opinion that it is the wielders of weapons who should be held directly responsible for their misuse, not the inventors. Still, commenter “Dazed Confused” has a point when he rhetorically asks “What could possibly go wrong?” and links to an article in Bulletin of the Atomic Scientists, “Stopping Killer Robots and Other Future Threats.” That piece describes an agreement being hammered out that proposes to ban the development of fully autonomous weapons. Writer Seth Baum explains there is precedent for such an agreement: The Saint Petersburg Declaration of 1868 banned exploding bullets, and 105 countries have now ratified the 1995 Protocol on Blinding Laser Weapons. (Such laser weapons could inflict permanent blindness on soldiers, it is reasoned.) After conceding that auto-weaponry would have certain advantages, the article points out:
“But the potential downsides are significant. Militaries might kill more if no individual has to bear the emotional burden of strike decisions. Governments might wage more wars if the cost to their soldiers were lower. Oppressive tyrants could turn fully autonomous weapons on their own people when human soldiers refused to obey. And the machines could malfunction—as all machines sometimes do—killing friend and foe alike.
“Robots, moreover, could struggle to recognize unacceptable targets such as civilians and wounded combatants. The sort of advanced pattern recognition required to distinguish one person from another is relatively easy for humans, but difficult to program in a machine. Computers have outperformed humans in things like multiplication for a very long time, but despite great effort, their capacity for face and voice recognition remains crude. Technology would have to overcome this problem in order for robots to avoid killing the wrong people.”
Baum goes on to note that organizers base their call for a ban on existing international humanitarian law, which prohibits weapons that would strike civilians. Such reasoning has already been employed to achieve bans against landmines and cluster munitions, and is being leveraged in an attempt to ban nuclear weapons.
Will killer robots be banned before they’re a reality? It seems the agreement would have to move much faster than bureaucracy usually does; given the public example of Zerbib’s “little project,” I suspect it is already way too late for that.
Cynthia Murrell, September 3, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
How to Search the Ashley-Madison Data and Discover If You Had an Affair Too
August 26, 2015
If you haven’t heard about the affair-promoting website Ashley Madison’s data breach, you might want to crawl out from under that rock and learn about the millions of email addresses exposed by hackers to be linked to the infidelity site. In spite of claims by parent company Avid Life Media that users’ discretion was secure, and that the servers were “kind of untouchable,” as many as 37 million customers have been exposed. Perhaps unsurprisingly, a huge number of government and military personnel have been found on the list. The article on Reuters titled Hacker’s Ashley Madison Data Dump Threatens Marriages, Reputations also mentions that the dump has divorce lawyers clicking their heels with glee at their good luck. As for the motivation of the hackers? The article explains,
“The hackers’ move to identify members of the marital cheating website appeared aimed at maximum damage to the company, which also runs websites such as Cougarlife.com andEstablishedMen.com, causing public embarrassment to its members, rather than financial gain. “Find yourself in here?,” said the group, which calls itself the Impact Team, in a statement alongside the data dump. “It was [Avid Life Media] that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.”
If you would like to “find yourself” or at least check to see if any of your email addresses are part of the data dump, you are able to do so. The original data was put on the dark web, which is not easily accessible for most people. But the website Trustify lets people search for themselves and their partners to see if they were part of the scandal. The website states,
“Many people will face embarrassment, professional problems, and even divorce when their private details were exposed. Enter your email address (or the email address of your spouse) to see if your sexual preferences and other information was exposed on Ashley Madison or Adult Friend Finder. Please note that an email will be sent to this address.”
It’s also important to keep in mind that many of the email accounts registered to Ashley Madison seem to be stolen. However, the ability to search the data has already yielded some embarrassment for public officials and, of course, “family values” activist Josh Duggar. The article on the Daily Mail titled Names of 37 Million Cheating Spouses Are Leaked Online: Hackers Dump Huge Data File Revealing Clients of Adultery Website Ashley Madison- Including Bankers, UN and Vatican Staff goes into great detail about the company, the owners (married couple Noel and Amanda Biderman) and how hackers took it upon themselves to be the moral police of the internet. But the article also mentions,
“Ashley Madison’s sign-up process does not require verification of an email address to set up an account. This means addresses might have been used by others, and doesn’t prove that person used the site themselves.”
Some people are already claiming that they had never heard of Ashley Madison in spite of their emails being included in the data dump. Meanwhile, the Errata Security Blog entry titled Notes on the Ashley-Madison Dump defends the cybersecurity of Ashley Madison. The article says,
“They tokenized credit card transactions and didn’t store full credit card numbers. They hashed passwords correctly with bcrypt. They stored email addresses and passwords in separate tables, to make grabbing them (slightly) harder. Thus, this hasn’t become a massive breach of passwords and credit-card numbers that other large breaches have lead to. They deserve praise for this.”
Praise for this, if for nothing else. The impact of this data breach is still only beginning, with millions of marriages and reputations in the most immediate trouble, and the public perception of the cloud and cybersecurity close behind.
Chelsea Kerwin, August 26, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
It Is a Recommended Title
August 24, 2015
Centripetal Networks offers a fully integrated security network specializing in threat-based intelligence. Threat intelligence is being informed about potential attacks, who creates the attacks, and how to prevent them. Think of it as the digital version of “stranger danger.” Centripetal Networks offers combative software using threat intelligence to prevent hacking with real-time results and tailoring for individual systems.
While Centripetal Networks peddles its software, they also share information sources that expand on threat intelligence, how it pertains to specific industries, and new developments in digital security. Not to brag or anything, but our very own CyberOSINT: Next Generation Information Access made the news page! Take a gander at its description:
“The RuleGate technology continues to remain the leader in speed and performance as an appliance, and its visualization and analytics tools are easy-to-use. Because of federal use and interest, its threat intelligence resources will continue to rank at the top. Cyber defense, done in this manner, is the most useful for its real time capacity and sheer speed in computing.”
CyberOSINT was written for law enforcement officials to gain and understanding of threat intelligence as well as tools they can use to arm themselves against cyber theft and track potential attacks. It profiles companies that specialize in threat intelligence and evaluates them. Centripetal Networks is proudly featured in the book.
Whitney Grace, August 24, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
