New EU Legislation on Terrorist Content

October 12, 2016

Balancing counterterrorism with digital rights continues to be a point of discussion. An article, EU parliament pushes ahead with plans to block, remove terrorist content online from Ars Technica reiterates the . Now, national authorities are required to ensure action is taken to remove illegal content hosted from within their territory that “constitutes public incitement to commit a terrorist offence”. If this is not feasible, they may take the necessary measures to block access to such content. The perspective of Parliament’s chief negotiator, German MEP Monika Hohlmeier, is shared:

Hohlmeier said that the proposal strikes the right balance between security on the one hand and data protection and freedom of expression on the other. “It’s not so much a question of whether terrorists are using particular ways to hide on the Internet, or encryption, but they very often have perfect propaganda machinery. Our approach is to try to close websites, and if this is not possible to block these Internet websites,” she said. She added that enhanced cooperation was needed between police and justice authorities as well as private actors.

European digital rights organisation EDRi asserts that speed of action is taking undue priority over “legislation fit for the purpose.” Perhaps there is an opportunity for cyber security technology developed by justice authorities and the private sector to hit the mark on balancing the fine line between censorship and counterterrorism.

Megan Feil, October 12, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

World-Check Database Leaked by Third Party

October 4, 2016

This is the problem with sensitive data—it likes to wander from its confines. Motherboard reports, “Terrorism Database Used by Governments and Banks Leaked Online.” Security researcher Chris Vickery reported stumbling upon a copy of the World-Check intelligence database from mid-2014 that was made available by a third party. The database is maintained by Thomson Reuters for use by governments, intelligence agencies, banks, and law firms to guard against risks. Reporter Joseph Cox specifies:

Described by Thomson Reuters as a ‘global screening solution,’ the World-Check service, which relies on information from all over the world, is designed to give deep insight into financial crime and the people potentially behind it.

‘We monitor over 530 sanctions, including watch and regulatory law and enforcement lists, and hundreds of thousands of information sources, often identifying heightened-risk entities months or years before they are listed. In fact, in 2012 alone we identified more than 180 entities before they appeared on the US Treasury Office of Foreign Assets Control (OFAC) list based on reputable sources identifying relevant risks,’ the Thomson Reuters website reads.

A compilation of sensitive data like the World-Check database, though built on publicly available info, is subject to strict European privacy laws. As a result, it is (normally) only used by carefully vetted organizations. The article notes that, much like the U.S.’s No Fly List, World-Check has been known to flag the innocent on occasion.

Though Vickery remained mum on just how and where he found the data, he did characterize it as a third-party leak, not a hack. Thomson Reuters reports that the leak is now plugged, and they have secured a promise from that party to never leak the database again.

Cynthia Murrell, October 4, 2016

Microsoft Looks Slightly Desperate Paying People to Use Edge and Bing

September 28, 2016

The article on Business Insider titled Microsoft Will Actually Pay You to Use Its Newest Web Browser shows the evolution of Microsoft’s program from using Bing Rewards to their own Microsoft Rewards. Originally, just using Bing could earn users points towards Starbucks, Amazon, and Hulu, to name a few. Microsoft is now rebranding and expanding the program to incentivize users to spend time on Microsoft Edge, the child of Internet Explorer. The article states,

So long as you’re actively using Microsoft Edge — defined as having the Edge window open and actually using it to browse the web…— you’ll accrue points that can be redeemed for prizes, up to 30 hours’ worth a month. While Windows 10 is on over 350 million active devices, the Edge browser hasn’t quite made the splash that Microsoft had hoped for. Current numbers place Edge usage at just over 4.2% of the overall browser market.

The article makes a point of mentioning that for this program to work for users, they can’t just have Microsoft Edge open. They also must use Microsoft Bing as their default search engine. Without that setup, no points for you. Some users might jump at the chance to get paid for doing practically nothing, but others might be less than willing to expose themselves to being tracked by Microsoft. Still others might wince at the idea of giving up their Google default. Microsoft Edge: the broke person’s Google Chrome.

Chelsea Kerwin, September 28, 2016

Ancient History Tumblr Hack Still Beats Myspace Passwords Sale

September 19, 2016

Personal information remains a hot ticket item on the darknet. Metro shared an article highlighting the latest breach, More than 65million Tumblr emails sold on the darknet. While the leak happened in 2013, Tumblr has now reported the magnitude of the database that was hacked. As a call to action, the article reports Tumblr’s recommendation for users to change their passwords and look out for phishing attempts. The article reports,

The database includes email addresses and passwords. These are heavily protected by a procedure which makes it extremely difficult to reproduce the passwords. The database has turned up on the darknet marketplace The Real Deal at a price of £102, reports Motherboard.

Troy Hunt, who runs the security research site Have I Been Pwned, said the leak is an example of a ‘historical mega breach’. Users who fear their credentials were involved in the Tumblr hack can find out here.

Let’s not forget the more recent hack of potentially the largest login credentials theft: Hacker offers 427 million MySpace passwords for just $2,800. Many are commenting on the low price tag for such a huge quantity of personal information as a sign of MySpace’s lack of appeal even on the Dark Web. When login information including passwords is stolen, phishing attempts on the site are not the only issue for victims to be concerned with; many individuals use the same login credentials for multiple accounts.

Megan Feil, September 19, 2016
There is a Louisville, Kentucky Hidden Web/Dark Web meet up on September 27, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233599645/

Enterprise Technology Perspective on Preventing Security Breaches

September 16, 2016

When it comes to the Dark Web, the enterprise perspective wants solutions to prevent security breaches. Fortscale released an article, Dark Web — Tor Use is 50% Criminal Activity — How to Detect It, speaking to this audience. This write-up explains the anonymizer Tor as The Onion Router, a name explained by the multiple layers used to hide an IP address and therefore the user’s identity. How does security software work to detect Tor users? We learned,

There are a couple of ways security software can determine if a user is connecting via the Tor network. The first way is through their IP address. The list of Tor relays is public, so you can check whether the user is coming from a known Tor relay. It’s actually a little bit trickier than that, but a quality security package should be able to alert you if user behaviors include connecting via a Tor network. The second way is by looking at various application-level characteristics. For example, a good security system can distinguish the differences between a standard browser and a Tor Browser because among other things, Tor software won’t respond to certain history requests or JavaScript queries.

Many cybersecurity software companies offer solutions that monitor the Dark Web for sensitive data, which is more of a recovery strategy. However, this article highlights the importance of cybersecurity solutions which monitor enterprise systems usage to identify users connecting through Tor. While this appears a sound strategy to understand the frequency of Tor-based users, it will be important to know whether these data-producing software solutions facilitate action such as removing Tor users from the network.
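
The relay-list check described above, as an added example (not from the original post or the cited article): it matches login source addresses against a constructed sample laid out like the Tor Project's public exit-addresses list, and counts an address only if it was observed as an exit near the time of the login. The log layout, the 24-hour window, and all addresses and fingerprints are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample in the layout of the Tor Project's public exit-addresses
# list. Fingerprints are placeholders; addresses are documentation ranges.
EXIT_LIST = """\
ExitNode 0000000000000000000000000000000000000001
Published 2016-09-15 08:00:00
LastStatus 2016-09-15 09:00:00
ExitAddress 192.0.2.10 2016-09-15 09:10:00
ExitNode 0000000000000000000000000000000000000002
Published 2016-06-01 08:00:00
LastStatus 2016-06-01 09:00:00
ExitAddress 198.51.100.7 2016-06-01 09:10:00
"""

# Constructed login events (assumed layout): timestamp, user, source address.
LOG_LINES = """\
2016-09-15T10:02:11 alice 192.0.2.10
2016-09-15T10:05:40 bob 203.0.113.5
2016-09-15T10:07:02 carol 198.51.100.7
2016-09-15T10:09:30 dave ::ffff:192.0.2.10
"""

def parse_exit_list(text):
    """Map each exit address to the times it was observed as an exit."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "ExitAddress":
            when = datetime.strptime(parts[2] + " " + parts[3], "%Y-%m-%d %H:%M:%S")
            seen.setdefault(ipaddress.ip_address(parts[1]), []).append(when)
    return seen

def normalize(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:a.b.c.d matches a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    return getattr(ip, "ipv4_mapped", None) or ip

def tor_logins(log_text, exits, window=timedelta(hours=24)):
    """Return (user, ip) for logins whose source was an observed exit within
    `window` of the login time. The 24-hour default is an assumption."""
    hits = []
    for line in log_text.splitlines():
        ts, user, addr = line.split()
        when = datetime.fromisoformat(ts)
        ip = normalize(addr)
        if any(abs(when - seen) <= window for seen in exits.get(ip, [])):
            hits.append((user, str(ip)))
    return hits

if __name__ == "__main__":
    exits = parse_exit_list(EXIT_LIST)
    print("time-aware:", tor_logins(LOG_LINES, exits))
    # Ignoring observation time also flags carol, whose address was last an exit months earlier.
    print("any-time:  ", tor_logins(LOG_LINES, exits, window=timedelta(days=3650)))
```

Matching on address alone would also flag carol, whose address stopped appearing as an exit months before her login; that stale-entry problem is one reason the check is "a little bit trickier" than a plain list lookup.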

Megan Feil, September 16, 2016

Revolving Door Hires at Google

September 7, 2016

It looks like Google has determined the best way to address its legal challenges in Europe is to infiltrate and influence its governments. The Guardian reports, “Google: New Concerns Raised About Political Influence by Senior ‘Revolving Door’ Jobs.” The personnel-based tactic has apparently worked so well in the U.S. that Google is applying it to the European arena. Writer Jamie Doward cites research by the Google Transparency Project, a venture of the Campaign for Accountability (CfA), when she writes:

New concerns have been raised about the political influence of Google after research found at least 80 ‘revolving door’ moves in the past decade – instances where the online giant took on government employees and European governments employed Google staff. … The CfA has suggested that the moves are a result of Google seeking to boost its influence in Europe as the company seeks to head off antitrust action and moves to tighten up on online privacy.

The article gets into specifics on who was hired where and when; navigate to it for those details. In sum, Doward writes:

Overall, the research suggests that Google, now part of parent company Alphabet Inc, has hired at least 65 former government officials from within the European Union since 2005.

During the same period, 15 Google employees were appointed to government positions in Europe, gaining what the CfA claims are ‘valuable contacts at the heart of the decision-making process’.

Anne Weisemann, CfA executive director, points to Google’s success influencing the U.S. government as a driving factor in its EU choices. She notes Google spends more to lobby our federal government than any other company, and that Google execs grace the White House more than once a week, on average. Also, CfA points to more than 250 of these “revolving door” appointments Google has made in the U.S.

For its part, Google claims it is just hiring experts who can answer government officials’ many questions about the Internet, about their own business model, and the “opportunity for European businesses to grow online.” There’s no way that could give Google an unfair advantage, right?

The article concludes with a call to reevaluate how government officials view Google—it is now much more than a search engine, it is a major political actor. Caution is warranted as the company works its way into government-run programs like the UK’s National Health Service and school systems. Such choices, ones that can affect the public on a grand scale, should be fully informed. Listening to Google lobbyists, who excel at playing on politicians’ technical ignorance, does not count.

Cynthia Murrell, September 7, 2016

Another Day Another Possible Data Breach

August 19, 2016

Has the next Ashley Madison incident happened? International Business Times reports on breached information that has surfaced on the Dark Web. The article, Fling.com breach: Passwords and sexual preferences of 40 million users up for sale on dark web, sheds some light on what happened in the alleged 40 million records posted on The Real Deal marketplace. One source claims the leaked data was old information. Another source reports a victim who says they never had an account with Fling.com. The article states,

“The leak is the latest in a long line of dating websites being targeted by hackers and follows similar incidents at Ashley Madison, Mate1, BeautifulPeople and Adult Friend Finder. In each of these cases, hundreds of thousands – if not millions – of sensitive records were compromised. While in the case of Ashley Madison alone, the release of information had severe consequences – including blackmail attempts, high-profile resignations, and even suicide. Despite claims the data is five years old, any users of Fling.com are now advised to change their passwords in order to stay safe from future account exploitation.”

Many are asking about the facts related to this data breach on the Dark Web — when it happened and if the records are accurate. We’re not sure if it’s true, but it is sensational. The interesting aspect of this story is in the terms of service for Fling.com. The article reveals Fling.com is released from any liability related to users’ information.

Megan Feil, August 19, 2016

There is a Louisville, Kentucky Hidden/Dark Web meet up on August 23, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233019199/

CloudFlare Claims Most Activity from Tor Is Malicious

June 28, 2016

Different sources suggest varying levels of malicious activity on Tor. Tech Insider shared an article responding to recent claims about Tor made by CloudFlare. The article, entitled, Google Search has a secret feature that shouts animal noises at you, offers information about CloudFlare’s perspective and that of the Tor Project. CloudFlare reports most requests from Tor, 94 percent, are “malicious” and the Tor Project has responded by requesting evidence to justify the claim. Those involved in the Tor Project have a hunch the 94 percent figure stems from CloudFlare attributing the label of “malicious” to any IP address that has ever sent spam. The article continues,

“We’re interested in hearing CloudFlare’s explanation of how they arrived at the 94% figure and why they choose to block so much legitimate Tor traffic. While we wait to hear from CloudFlare, here’s what we know: 1) CloudFlare uses an IP reputation system to assign scores to IP addresses that generate malicious traffic. In their blog post, they mentioned obtaining data from Project Honey Pot, in addition to their own systems. Project Honey Pot has an IP reputation system that causes IP addresses to be labeled as “malicious” if they ever send spam to a select set of diagnostic machines that are not normally in use. CloudFlare has not described the nature of the IP reputation systems they use in any detail.”

This article raises some interesting points, but also alludes to more universal problems with making sense of any information published online. An epistemology about technology, and many areas of study, is like chasing a moving target. Knowledge about technology is complicated by the relationship between technology and information dissemination. The important questions are what does one know about Tor and how does one know about it?

Megan Feil, June 28, 2016

Is the NSA Overwhelmed with Data?

June 28, 2016

US citizens are worried about their civil liberties being compromised by the National Security Agency. ZDNet reports they might not need to be worried anymore in the article, “NSA Is So Overwhelmed With Data, It’s No Longer Effective, Says Whistleblower.”

William Binney is a former official from the National Security Agency (NSA) with thirty years under his belt. Binney has been a civilian for fifteen years, but he abhors the NSA. He said the NSA is so engorged with data that it has lost its effectiveness and important intelligence is lost in the mess. This is how the terrorists win. Binney also shared that an NSA official could run a query and be overwhelmed with so much data they would not know where to start.

“ ‘That’s why they couldn’t stop the Boston bombing, or the Paris shootings, because the data was all there,’ said Binney. Because the agency isn’t carefully and methodically setting its tools up for smart data collection, that leaves analysts to search for a needle in a haystack. ‘The data was all there… the NSA is great at going back over it forensically for years to see what they were doing before that,’ he said. ‘But that doesn’t stop it.’”

The problems are worse across the other law enforcement agencies, including the FBI, CIA, and DEA. Binney left the NSA one month after 9/11 and reported that the NSA uses an intrusive and expensive data collection system. The mantra is “to collect it all”, but it is proving ineffective and expensive. According to Binney, it is also taking away half the Constitution.

Binney’s statements remind me of the old Pokémon games. The catchphrase for the franchise is “gotta catch ‘em all” and it was easy with 150 Pokémon along with a few cheat codes. The games have expanded to over seven hundred monsters to catch, plus the cheat codes have been dismantled making it so overwhelming that the game requires endless hours just to level up one character. The new games are an ineffective way to play, because it takes so long and there is just too much to do. The NSA is suffering from too many Pokémon in the form of data.

Whitney Grace, June 28, 2016

The Time Google Flagged Itself for Potentially Malicious Content

June 13, 2016

Did you know Google recently labeled itself as ‘partially dangerous’? Fortune released a story, Google Has Stopped Rating ‘Google.com’ as ‘Partially Dangerous’, which covers what happened. Google has a Safe Browsing tool which identifies potentially harmful websites by scanning URLs. Users noticed that Google itself was flagged for a short time. Was there a rational explanation? This article offers a technology-based reason for the rating,

“Fortune noted that Google’s Safe Browsing tool had stopped grading its flagship site as a hazard on Wednesday morning. A Google spokesperson told Fortune that the alert abated late last night, and that the Safe Browsing service is always on the hunt for security issues that might need fixing. The issue is likely the result of some Google web properties hosting risky user-generated content. The safety details of the warning specifically called out Google Groups, a service that provides online discussion boards and forums. If a user posted something harmful there, Google’s tool would have factored that in when assessing the security of the google.com domain as a whole, a person familiar with the matter told Fortune.”

We bet some are wondering whether this is a reflection of Google management or the wonkiness of Google’s artificial intelligence? Considering hacked accounts alone, it seems like malicious content would be posted in Google Groups fairly regularly. This flag seems to be a flag for more than the “partially dangerous” message spells out. The only question remaining is, a flag for what?

Megan Feil, June 13, 2016